Trojans steal FTP Login passwords for websites


Jacques Erasmus, CTO at Prevx, an internet security vendor headquartered in the U.K., discovered a site to which a trojan had uploaded FTP login credentials for more than 74,000 websites. Among the affected FTP accounts are those of major organisations including Bank of America, the BBC, Amazon, Symantec and McAfee. The trojan, a variant of Zbot, has as its main purpose harvesting stored FTP login credentials and sending them to servers located in China. According to Erasmus, the final goal of the attack is to gain write access to the websites’ source code and inject malicious iframes that spread the malware further. The Zbot trojan has been in use for some time to carry out various illegal and lucrative activities, mainly installing spyware and adware and sending phishing emails.

An overview of web application and web server security

Did you know that the vast majority of internet attacks nowadays are aimed at web applications and web servers? Almost every business has an online presence: a website, an e-commerce application, a web front end with a database behind it, and so on.

Attackers have found ways to infiltrate internal networks through these web applications, which are often insecurely coded and full of vulnerabilities. Attacks and exploits include code injection, SQL injection, cross-site scripting (XSS) and more. Through such exploits an attacker can steal sensitive information from the databases behind the web applications, or even gain shell access on the database or web server itself. Shell access gives the attacker a “pivot point” from which he can launch further attacks deeper into the network.

The following are some important suggestions for hardening your web applications:

  1. First and most important, adopt secure coding. Your software developers, the vendor from whom you purchased the web application, or whoever designed and coded your website must have built security into the code itself. Examples include validating and filtering the input data of web forms (to block SQL injection or XSS), combined with parameterised database queries and output encoding, avoiding buffer overflows, and preventing remote file inclusion (RFI) and local file inclusion (LFI).
  2. Don’t let the web server connect to the database as an administrative user (e.g. sa); give it a dedicated account with only the privileges the application needs.
  3. Don’t run the web server or the database server with administrator privileges.
  4. Configure egress firewall filtering so that the database server cannot initiate connections to the outside world.
  5. Remove command execution capability (e.g. xp_cmdshell) on the database.
  6. And of course harden all software and applications with the latest patches.
  7. Implement host intrusion detection and log monitoring.

Those are some of the most important steps you need to take to enhance the security of your web applications and back-end databases.
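As an added example (not code from the original page), here are items 1 and 2 of the list side by side in Python, using only the sqlite3 module from the standard library: a login check that builds its SQL by string formatting, and the same check written as a parameterised query. The users table and the credentials are constructed for the demo. The point is that the classic `' --` payload logs the attacker in as alice against the first function, while to the second function it is just an odd-looking username that matches nobody.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the original page): two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", 1), ("bob", "hunter2", 0)])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement with string formatting, so user input becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Parameterised query: the values travel separately from the statement text,
    so the driver never interprets them as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic bypass: close the string literal, then comment out the password check.
BYPASS_USER = "alice' --"


def demo():
    """Run both functions with a legitimate login and with the bypass payload."""
    conn = make_db()
    return {
        "normal_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "normal_hardened": login_hardened(conn, "alice", "s3cret"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USER, "wrong"),
        "bypass_hardened": login_hardened(conn, BYPASS_USER, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-18s -> %r" % (name, result))
```

The same rule applies to every database driver: pass values as parameters and let the driver handle quoting. Filtering form input is still worth doing as defence in depth, but the parameterised query is the control that actually removes the injection, and the dedicated low-privilege database account (item 2) limits what an injection that does slip through can do.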

Protect your children on the Internet

Many parents ask how they can protect their children while they surf the Internet. Recently a mother was worried that her children were spending too much time on sites like Orkut, MySpace and Facebook. Her concern was not so much the time lost as the fact that she did not know with whom her children were communicating on these social networks, and whether they were giving personal information to strangers. After several press reports about the hazards hidden in Internet social networks, the mother decided to block some sites on the children’s computer.

The only problem was that the mother was not aware of parental control software like Net Nanny or Norton Internet Security, which also costs money. Before you decide to block some addresses (something the children will object to), try a few other things:

First of all, educate your children and tell them about the dangers of sharing information with strangers. Family members should discuss the security and confidentiality of personal data on the web. You can place the computer in an area where you can easily see the screen and get an idea of what your children do and which sites they visit frequently. Furthermore, Orkut is a social network, which means that you can easily see who your children’s friends are and what information is exchanged.

Finally, to block specific sites on your child’s Windows computer without paying any money, follow the procedure below.

* Start – Run (on Windows Vista and later, start Notepad with “Run as administrator” instead, otherwise the hosts file cannot be saved)
* Enter notepad c:\windows\system32\drivers\etc\hosts
* Go to the last line and add one entry for each site you want to block:

* Save the file and quit Notepad

You can block any site you want with this technique. If you later want to unblock a site, simply remove the corresponding line using the same procedure. Be aware, however, that children are usually very smart and will discover the technique sooner or later: the hosts file only redirects names, so typing the site’s IP address, using a different host name for the same site, or simply editing the file back bypasses it. So parental control software might be more appropriate.
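The hosts file procedure above, as an added Python example that is not part of the original post. It shows the format of the lines being added (`127.0.0.1 name`, one per host name), tags every line it writes with a marker comment so that it only ever removes its own entries and leaves hand-written ones alone, and adds both the bare and the `www.` form of each domain, because the hosts file has no wildcards. The marker text and the sinkhole address are choices made for this example. The demo runs against a temporary copy, so it does not touch the real file unless you pass that file’s path (which on Vista and later requires an elevated prompt).

```python
import re
import tempfile
from pathlib import Path

# Marker appended to every line this script writes, so that only its own
# entries are ever removed again (chosen for this example).
MARKER = "# blocked-by-parent"
SINKHOLE = "127.0.0.1"   # blocked names resolve to the local machine

_LINE = re.compile(r"^\s*" + re.escape(SINKHOLE) + r"\s+(\S+)\s+" + re.escape(MARKER) + r"\s*$")


def _managed_entry(line):
    """Host name of a line this script wrote, or None for any other line."""
    m = _LINE.match(line)
    return m.group(1) if m else None


def _expand(domains):
    """hosts has no wildcards: 'facebook.com' does not cover 'www.facebook.com',
    so both forms are listed for every bare domain."""
    out = []
    for d in domains:
        d = d.strip().lower()
        out.append(d)
        if not d.startswith("www."):
            out.append("www." + d)
    return out


def blocked_sites(hosts_path):
    """Set of host names currently blocked by this script."""
    path = Path(hosts_path)
    if not path.exists():
        return set()
    lines = path.read_text(encoding="utf-8").splitlines()
    return {e for e in map(_managed_entry, lines) if e}


def block_sites(hosts_path, domains):
    """Append a sinkhole entry for each name not already blocked; returns the blocked set sorted."""
    path = Path(hosts_path)
    text = path.read_text(encoding="utf-8") if path.exists() else ""
    already = blocked_sites(hosts_path)
    lines = [text.rstrip("\n")] if text else []
    for name in _expand(domains):
        if name not in already:
            lines.append("%s %s %s" % (SINKHOLE, name, MARKER))
            already.add(name)
    path.write_text("\n".join(lines) + "\n", encoding="utf-8")
    return sorted(already)


def unblock_sites(hosts_path, domains):
    """Remove this script's entries for the given names; everything else is kept verbatim."""
    remove = set(_expand(domains))
    path = Path(hosts_path)
    kept = [ln for ln in path.read_text(encoding="utf-8").splitlines()
            if _managed_entry(ln) not in remove]
    path.write_text("\n".join(kept) + "\n", encoding="utf-8")
    return blocked_sites(hosts_path)


def run_demo():
    """Exercise block/unblock on a temporary copy and return what happened."""
    with tempfile.TemporaryDirectory() as d:
        demo = Path(d) / "hosts"
        demo.write_text("127.0.0.1 localhost\n", encoding="utf-8")   # constructed sample
        first = block_sites(demo, ["facebook.com", "myspace.com"])
        second = block_sites(demo, ["facebook.com"])                 # idempotent
        after_unblock = unblock_sites(demo, ["myspace.com"])
        return first, second, after_unblock, demo.read_text(encoding="utf-8")


if __name__ == "__main__":
    first, second, after_unblock, text = run_demo()
    print("blocked:", first)
    print("after unblocking myspace.com:", sorted(after_unblock))
    print(text)
```

To use it on the real file, call `block_sites(r"C:\Windows\System32\drivers\etc\hosts", [...])` from an elevated prompt. Note that `_managed_entry(ln) not in remove` also keeps every line the script did not write, since `None` is never in the removal set.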

Adobe Reader and Acrobat JBIG2 Processing Multiple Vulnerabilities

Adobe Acrobat is a program for creating, managing and viewing Portable Document Format (PDF) files; Adobe Reader only views and prints PDFs. Both have buffer overflow vulnerabilities in their handling of JBIG2 streams inside a PDF file. JBIG2 is an image coding standard for bi-level (black and white) images. One flaw is due to a four-byte value that represents the number of entries in a table and is used to size a buffer; the value is taken from the file without adequate checking, so a specially crafted PDF can overflow the buffer. The other flaw is triggered by a malformed JBIG2 symbol dictionary segment in a malicious PDF. There are further unspecified errors in the processing of these JBIG2 streams. Potential attack vectors are sending the malicious PDF as an email attachment, enticing the victim to visit a website hosting the document (for example via an iframe), or placing the document on a file share. In each case the attacker has to convince the victim to open the file. Successful exploitation can lead to code execution. Some technical details are publicly available.

Affected: Adobe Acrobat Standard 8.1.3 and prior
Adobe Acrobat Standard 7.0.8 and prior
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1 and prior
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader (UNIX) 7.0.1 and prior
Adobe Acrobat Reader 8.1.3 and prior
Adobe Acrobat Reader 7.0.9 and prior
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1 and prior
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.3 and prior
Adobe Acrobat Professional 7.0.9 and prior
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1 and prior
Adobe Acrobat Professional 7.1
Adobe Acrobat 7.0.3 and prior

Microsoft Buffer Overflow Vulnerability in Graphics Device Interface (GDI+) EMF Processing

A critical Microsoft vulnerability has recently been disclosed that affects almost all Windows versions:


The Graphics Device Interface (GDI) is an application programming interface in Microsoft Windows. It is a core operating system component responsible for representing graphical objects. GDI+ (gdiplus.dll) has an integer overflow vulnerability in its processing of Enhanced Metafile (EMF) files. Possible attack vectors are: (a) creating a web page containing a malicious WMF or EMF image and enticing the victim to visit it; (b) sending an email with a specially crafted EMF image attachment and convincing the user to view it; or (c) embedding the malicious image in an Office document and convincing the user to open it. Successful exploitation may lead to code execution or denial of service. Technical details about the vulnerability are publicly available.

Affected versions:

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold
Microsoft Windows XP
Microsoft Office XP SP2 and prior
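Both advisories above describe the same root cause: a size or count read straight from the file drives a buffer allocation, either without a range check (the JBIG2 table count) or in 32-bit arithmetic that wraps (the GDI+ EMF integer overflow). The following Python is an added example, not Adobe’s or Microsoft’s code, showing the checks a parser needs. It parses the JBIG2 segment header as laid out in ITU-T T.88 section 7.2 (the layout comes from the standard, not from the advisory, which does not go into that detail), refuses any file-supplied count or length that exceeds the data actually present or that would overflow a 32-bit size computation, and contrasts that with what the unchecked 32-bit multiplication yields. The cap on referred-to segments and the sample headers are constructed for the demo.

```python
MAX_REFERRED_SEGMENTS = 10_000   # sanity cap chosen for this demo; a real parser picks its own


def naive_table_bytes(count, elem_size):
    """What a 32-bit parser computes for count * elem_size: the product silently wraps."""
    return (count * elem_size) & 0xFFFFFFFF


def checked_table_bytes(count, elem_size, remaining, word_bits=32):
    """Table size for `count` entries, or ValueError if the file's count cannot be honoured.

    Two independent checks: the product must fit the parser's integer width (otherwise a
    small buffer is allocated and a copy loop driven by the original count runs off its
    end), and the table must not claim more bytes than the file still holds.
    """
    if count < 0 or elem_size <= 0:
        raise ValueError("bad table parameters")
    size = count * elem_size
    if size >> word_bits:
        raise ValueError("count %d * %d overflows %d-bit size arithmetic"
                         % (count, elem_size, word_bits))
    if size > remaining:
        raise ValueError("table needs %d bytes but only %d remain" % (size, remaining))
    return size


def parse_segment_header(buf, offset=0):
    """Parse one JBIG2 segment header (ITU-T T.88 section 7.2, the form embedded in PDF).

    Returns (fields, offset_of_segment_data). Every count and length read from the file
    is validated against the bytes actually present before it is used.
    """
    pos = offset

    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated segment header at byte %d" % pos)
        chunk = buf[pos:pos + n]
        pos += n
        return chunk

    seg_num = int.from_bytes(take(4), "big")
    flags = take(1)[0]
    seg_type = flags & 0x3F
    page_assoc_size = 4 if flags & 0x40 else 1

    count = take(1)[0] >> 5                 # top 3 bits of the referred-to-segments byte
    if count == 7:                          # long form: 29-bit count, then retain-bit bytes
        pos -= 1
        count = int.from_bytes(take(4), "big") & 0x1FFFFFFF
        if count > MAX_REFERRED_SEGMENTS:
            raise ValueError("implausible referred-to segment count %d" % count)
        take((count + 8) // 8)              # ceil((count + 1) / 8) bytes of retain bits
    # Referred-to segment numbers are 1, 2 or 4 bytes wide depending on this segment's number.
    ref_size = 1 if seg_num <= 256 else 2 if seg_num <= 65536 else 4
    checked_table_bytes(count, ref_size, len(buf) - pos)
    referred = [int.from_bytes(take(ref_size), "big") for _ in range(count)]
    page = int.from_bytes(take(page_assoc_size), "big")
    data_length = int.from_bytes(take(4), "big")
    if data_length == 0xFFFFFFFF:
        raise ValueError("unknown data length (0xffffffff) not supported here")
    if data_length > len(buf) - pos:
        raise ValueError("segment claims %d data bytes, only %d remain"
                         % (data_length, len(buf) - pos))
    return {"number": seg_num, "type": seg_type, "referred": referred,
            "page": page, "data_length": data_length}, pos


# Constructed samples (not from any advisory): a well-formed symbol-dictionary header
# followed by four data bytes, one whose long-form referred count is the maximum
# 0x1FFFFFFF, and one whose data length claims far more than actually follows.
GOOD_HEADER = b"\x00\x00\x00\x00" + b"\x00" + b"\x00" + b"\x01" + b"\x00\x00\x00\x04" + b"ABCD"
HUGE_REFERRED = b"\x00\x00\x00\x00" + b"\x00" + b"\xff\xff\xff\xff" + b"\x01" + b"\x00\x00\x00\x00"
OVERSIZED_LENGTH = GOOD_HEADER[:7] + b"\x00\x00\x03\xe8" + b"ABCD"   # claims 1000 bytes

if __name__ == "__main__":
    print(parse_segment_header(GOOD_HEADER))
    for sample in (HUGE_REFERRED, OVERSIZED_LENGTH):
        try:
            parse_segment_header(sample)
        except ValueError as err:
            print("rejected:", err)
    print("naive 32-bit size for 0x40000001 four-byte entries:", naive_table_bytes(0x40000001, 4))
```

The last line is the EMF-style failure in miniature: 0x40000001 entries of 4 bytes need just over 4 GiB, but the wrapped 32-bit product is 4, so an unchecked parser would allocate four bytes and then copy into them for 0x40000001 iterations. In a native parser the `take` guard and the two checks in `checked_table_bytes` are the bounds checks that have to run before any `malloc` or `memcpy` sees the file-supplied numbers.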

Data security on the internet – DES and RSA Encryption

Have you ever wondered what happens when you send personal data over the Internet (e.g. by e-mail)? When you send a message it passes through multiple computers, and a third party could intercept and read it. Imagine what would happen if government or military messages could be read by hackers. There must therefore be some protection for sending and receiving messages, and of course there is: encryption. There are two types of encryption, symmetric and asymmetric. Symmetric encryption uses a single key shared by both parties; asymmetric encryption uses a pair of mathematically related keys, one public and one private.

In symmetric cryptography the same key is used for encrypting and decrypting a message, so the key must be known to both the sender and the recipient. Getting it to both of them requires a secure channel: for example meeting in person to agree on the key, or, as is done in practice today, wrapping the symmetric key with asymmetric cryptography. If no such channel is available, symmetric cryptography alone is not enough. A well known symmetric algorithm is the Data Encryption Standard (DES), developed by IBM and adopted in 1977 by the U.S. Government as its standard for protecting sensitive information. Its 56-bit key is far too short to resist a brute-force search on modern hardware, which is why DES was superseded first by Triple DES (3DES) and then by AES, adopted as the U.S. standard in 2001.

On the other hand, in asymmetric cryptography two keys are used, one for encryption and another for decryption. Let us look at this case with an example using RSA. Assume one party wants to receive a message from another. The receiver generates two keys, a public and a private key, which are uniquely tied to each other (for each private key there is only one public key). The receiver gives the public key to the sender (it can be seen by anyone). The sender encrypts the message with this key and sends it to the recipient. In transit the message can be seen by anyone, but it cannot be decrypted, at least not without the private key, for the reason discussed below. When the receiver gets the encrypted message, he decrypts it with his private key.

You may be asking how this is possible, that is, why a message encrypted with the public key cannot be decrypted with that same key. This is the «magic» of mathematics: some operations are easy to perform but have no efficient reverse, or none that can be found by any known analytical method. As we said, there is a relation between the public and private key. If you could compute that relation (for RSA, if you could factor the public modulus), you could break the encryption.

The RSA encryption method was proposed in 1977 by Rivest, Shamir and Adleman, from whose names it takes its own. Its philosophy is what was described above, and its security rests on the difficulty of factoring large integers. We will not describe exactly how it operates, but we will give a very simple example to understand why it is such a safe encryption method.

Assume you are given the number 133. Can you find two numbers (other than 1 and 133 itself) which when multiplied give 133? There is no known formula that takes 133 (or its digits 1, 3, 3, or any other related number) as input and outputs its factors directly. The simplest way to find them is trial division: try 2, 3, 4, ... until you find a number that divides 133 exactly (to be precise, only the primes 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, ... need to be tried). After a few tests you find that 7 divides 133 exactly: 133 / 7 = 19, so the solution is the pair (7, 19).

Now imagine that the number has not 3 digits, like 133, but 1000 digits! The time needed to find two numbers whose product is that 1000-digit number grows enormously. RSA relies on the inability of any known method to factor such large numbers in a reasonable time. Better algorithms than trial division do exist (they are how moduli of more than 200 digits have actually been factored), but none of them runs in time polynomial in the number of digits on a classical computer, which is why key sizes are chosen with a wide safety margin: 2048-bit moduli, about 617 decimal digits, are the common minimum today.

As you will understand, the larger the number, the longer it takes to split it into its two (prime) factors. If someone could do this quickly (rather than in years), they could derive the private key from the public key and decrypt the messages.
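The factoring argument above, carried through in Python as an added example (not code from the original article). It builds an RSA key pair from the page’s own primes 7 and 19 (with the textbook exponent e = 5; real keys use e = 65537, thousands-of-bits primes and padding such as OAEP), encrypts and decrypts a number, and then does exactly what the text warns of: recovers the private exponent from the public key by trial-dividing n. The second modulus, a product of two six- and seven-digit primes, is only there to make the growth in factoring time visible; it too is far too small for real use.

```python
import time
from math import gcd


def trial_factor(n):
    """Split n into (p, q) by trial division, the 'trial and error' search the text describes.

    Candidates are 2 and then every odd number; a composite candidate can never divide
    first, because its prime factors were tried earlier. The loop runs up to sqrt(n), so
    each extra pair of decimal digits in n multiplies the work by about 10.
    """
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("%d has no non-trivial factors (it is prime)" % n)


def rsa_keygen(p, q, e):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). No padding, demo sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)           # modular inverse (Python 3.8+)
    return (n, e), (n, d)         # public key, private key


def encrypt(public_key, m):
    """c = m^e mod n; the message must be an integer smaller than the modulus."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """The attack the text describes: factor n, then rebuild d exactly as keygen did."""
    n, e = public_key
    p, q = trial_factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def factoring_seconds(n):
    """Wall-clock time for trial_factor(n)."""
    start = time.perf_counter()
    trial_factor(n)
    return time.perf_counter() - start


if __name__ == "__main__":
    public, private = rsa_keygen(7, 19, 5)          # the page's 133 = 7 * 19
    c = encrypt(public, 42)
    print("n=%d e=%d d=%d   42 -> %d -> %d" % (*public, private[1], c, decrypt(private, c)))
    print("private exponent recovered from the public key alone:", recover_private_key(public)[1])
    # 999983 and 1000003 are prime; their product has 12 digits and already takes visibly longer.
    for n in (133, 999983 * 1000003):
        print("%2d digits: factored in %.4f s" % (len(str(n)), factoring_seconds(n)))
```

With 133 the attack is instant: n = 133 and e = 5 are public, trial division gives 7 and 19, and d = 65 follows from the same inverse computation the key generator used. Doubling the number of digits of n squares the trial-division effort, which is the scaling argument the text makes; practical factoring algorithms scale better than this, but still far worse than polynomially, and key sizes are set to keep them out of reach.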

Certified Ethical Hacker certification salary

Research by Foote Partners, an independent market research company made up of former Gartner and META Group industry analysts, which publishes the industry’s only comprehensive survey of pay for certified and non-certified IT skills, lists EC-Council’s Certified Ethical Hacker among the certifications with the greatest pay increase in 2008: up 40%, second only to SANS’ GSEC. It is interesting to note that CEH is up 40% despite the recent state of the global economy.

What is the best anti spyware program

A computer virus is an executable program that can reproduce itself: it spreads between computers by creating copies of itself. This replication is deliberate and is usually the actual purpose of the malicious program.

A virus can get into a computer through several “entry points”. For Internet users this can happen through downloaded files, email attachments, network shares, instant messaging applications etc. In the old days viruses spread mainly by floppy disk.

When a virus infects a computer, it attaches itself to, or replaces, an existing program on the system, so that when the user runs the infected program the virus is executed. This usually happens without the user being aware of it.

There are many types of malicious programs besides the classic virus: file viruses, boot sector viruses, Trojan horses, worms, spyware etc. Worms and spyware are in my opinion the most dangerous among all the malware programs, because usually their purpose is to steal personal data from the user (credit cards, passwords etc.) or to take over the computer for sending spam.

A “general purpose” anti-virus tool is essential for protecting your computer, but I believe that in addition to it, using a specialised anti spyware program is critical. To find the best anti spyware program you should look for one with a large spyware database and frequent updates, with detection capabilities for keyloggers, Trojans and hijackers, with protection against identity or credit card theft etc. For true computer protection, it’s essential to have a combination of a general-purpose antivirus with a specialised anti spyware protection program.

What is the best anti spyware program in the market?

I have used several freeware and commercial anti spyware tools on my computer, but my vote for the best anti spyware program goes to ParetoLogic XoftSpySE. This is by far the best antispyware tool I have ever used.

[UPDATE] XoftSpySE is able to successfully remove the Conficker/Downadup/Kido worm.

XoftSpySE is a spyware, adware, spybot, malware, keylogger, spy popup, and browser hijacker scanner and remover.

  • We highly recommend using XoftSpySE, as spyware is now just as big a threat as viruses.
  • XoftSpySE is designed to search and eliminate all known computer parasites that bog down the speed and capabilities of your PC.
  • XoftSpySE frequently updates its spyware definitions with free updates to keep you protected.
  • XoftSpySE should be used in conjunction with a good firewall, anti-spam and anti-virus software for complete PC protection. XoftSpySE does not detect viruses or manage spam.
  • Removes over 250,000 harmful files/programs

Key features of this software:

  • Complete PC scanning, including running processes, registry entries, files and folders
  • Detects and removes: adware, spyware, pop-Up generators, keyloggers, trojans, hijackers, and malware
  • One of the largest spyware definition databases in the industry
  • Automatic definition and feature updates
  • Fast, powerful, and easy to use
  • Comprehensive customer technical support
  • Protects against identity and credit card theft



CISSP Code of Ethics Canons

The following canons are listed in the order of priority in which they should be followed. To become a CISSP you must adhere to them: before taking the CISSP exam you must sign and agree to the code of ethics of the (ISC)2 organization.


  1. Do no harm. Protect society, the commonwealth, and the infrastructure.
  2. Act honorably, honestly, justly, responsibly, and legally.
  3. Provide diligent and competent service to principals.
  4. Advance and protect the profession.

Security Policy

Security Policies in an organization’s security system are divided into two broad categories:

1. Management’s Security Policy (or Organizational Policy)

This is the high level security policy of the whole organization. It states management’s security goals and objectives in writing, documents compliance requirements, and creates a security culture within the company. It also establishes the security function and holds individuals personally responsible for security breaches.

2. Functional Implementing Policies

The functional policies are guided by the high level organization policy, and are used to actually implement the goals and objectives of the general organization policy. Examples of functional policies are:

  • Data Classification
  • Access Control Policy
  • Remote Access Policy
  • Internet and Acceptable use policy
  • Privacy policy

From functional policies come the supporting elements which are:

  • Standards
  • Procedures
  • Baselines
  • Guidelines


Standards

These are common solutions for the whole organization regarding the hardware and software mechanisms and products used to establish and enforce a secure environment.

Procedures

Procedures, like policies, are considered MANDATORY requirements in a security system. Procedures are step-by-step written actions to be performed to accomplish a security requirement or objective. Examples are password changing, incident response and business continuity procedures. Procedures help reduce mistakes in a crisis and ensure that important steps are not missed.

Baselines

These are the minimum level of security configuration that can be carried across multiple implementations of a system and across many different products. Baselines describe how to implement security mechanisms so that the implementations result in a consistent level of security throughout the organization.

Guidelines

Guidelines are recommendations for security product implementation, procurement, planning etc. They are white papers, best practices and similar documents. Examples of guidelines are ISO 17799 (now ISO/IEC 27002), the Common Criteria and ITIL.