Social Icons

Showing posts with label SECURE SOCKET LAYER. Show all posts
Showing posts with label SECURE SOCKET LAYER. Show all posts

Saturday, January 12, 2013

Malicious Shortened URLs : Rising Threat

1.     Internet today is all but a minefield of boogies,traps and malware.....every day so many threats are born....though most of them die but still a huge percent of them survive the security walls and become stronger by time as they are able to remain live and acvtive.In recent times shortened URLs have become popular amongst users (including me...:-) to conserve the typing space like in microblogging sites viz twitter etc.So typically a naive(???),prone user who submits his long URL to a site to get a shortened URL receives a second,specially coded shortened URL that redirects to the original URL.So here lies the weak hole that is most of the times exploitable by the attacker...because the actual destination URL is hidden in it....so going by the looks...there is nothing to worry...but it is the redirection that is a cause of worry...it may be right or may be redirecting to a malicious link....!!!!so when some one uses a free URL shortener ,he does not have control over that shortened link. And, should something happen to the provider of that URL shortener, then he risks redirecting ALL of shortened links elsewhere!!!

2.  We all know that clicking links is pretty tempting....so it is just a matter of one redirected malicious link click that makes the difference....so whats the solution????...actually companies like Facebook,Gmail, SBI, Paypal ,twitter etc are offering users the option of persistent SSL encryption and authentication across all the pages of their services including the login and all accessible pages.....but this does not stand good for all...for these sites also..it is optional to vide the settings for accessing....

Saturday, January 28, 2012

Security Design @ WebHosting

1.  At a time today when new websites are being hosted at quite a pace,proportional is the pace of hacking and defacing of these websites.Today you have a website maker in the market who may simply demand some Rs 500/ per page design and few more hundreds for hosting it...and we all are ready to do pay him....but at what price....is it simply the final handing over taking over of the password that closes the deal between you and the designer/hoster?....NO....I rate it equivalent to the toss....thereon the match begins.....just a matter of time depending on what all security parameters/variables/factors you took into consideration while designing it?

2.  Specially concerned with web sites who have E-Commerce and transactions or who deal with handling database of huge sizes which can be critical later on, if compromised any time.The following factors should be noted down and infact dealt with seriously to be kept on high priority while designing and final hosting :

- Password /Data Protection : You must have a sound password and methods to protect all the DATA in place.

- OS/Server hardening : You use a windows or a linux....rest assured you must always used a hardened OS/Server.

- OS Selection : Create and design on any OS...today you can launch it on web.A more vulnerable OS which has had a history of hacks and known exploits should be avoided.

- DDoS Protection : Shared hosting servers are vulnerable to attacks by hackers who carry out their work by uploading malware or otherwise malicious sites or code onto a server. These malware programs be introduced to a server through security vulnerabilities in a legitimate client’s site, and the malware is used for anything from stealing credit card data to launching a DDoS, or Distributed Denial of Service attack.So think before you fire up your site.

- Spam filters : No explanations

- Firewalls : Must...so many types in market : Decide like what you r going to select a HARDWARE FIREWALL or a SOFTWARE FIREWALL.The selection is of crucial significance in deciding the overall security rating!!!

- BACKUP : You must have a way to keep backing up all your data.Some ploicy should be designed of what happens if owing to some kind of reason you loose all ur data....mirror or offline backup!!!!anything...but keep in mind.

- SSL enabled server : MUST

- SFTP: Though FTP is not that bad....but when SFTP is there....y bank on a relatively lower secured protocol......


Powered By Blogger