Showing posts with label Cyber Security. Show all posts

Saturday, June 1, 2013

How to enable Two-Factor authentication in LinkedIn?


I'm very glad to hear that LinkedIn is the latest company to boost its security with two-factor authentication. A few days back, Twitter enabled two-step verification to thwart hackers.

Are you searching for a guide to configuring 2-step authentication? You are at the right place. Here is a guide that will help you configure LinkedIn two-step verification.

Before getting into the actual steps, let me explain what 2-step auth is.

Two-Step Verification:
A security feature that prompts you to enter a temporary secret number sent to your phone whenever you log into your account.

Why should you enable this feature?
I believe this is the best security feature. Let us assume someone has stolen your login credentials via a keylogger, phishing or any other method. If the hacker tries to log into the website with your credentials, he will be asked to provide the secret number sent to your mobile. Fortunately, you have your mobile with you ;) . So the hacker can't log in to your account. You will also come to know that someone is trying to access your account.
 
How to configure LinkedIn two-factor authentication?

Step 1:
Log in to your account and go to the settings page:

https://www.linkedin.com/settings/

Step 2:
Select the "Account" tab and click the "Manage security settings" option.

Step 3:
Here you can see the "Two-step verification for sign in" option, which shows that the feature is currently "off". To turn on the feature, simply click the "Turn on" link.

In the next step, you will be asked to enter your phone number.

Step 4:
Once you enter the phone number, you will receive a security code. After you enter the security code sent to your mobile number, the feature will be turned on. Hurrah, now you are protected :)

The next time you try to log in, you will be asked to provide the secret code :)



Sunday, August 28, 2011

New DDoS Tool (Killapache) - 65% of Internet (websites) is vulnerable | Apache Killer


Apache server announced that 65% of websites are vulnerable to a DDoS tool.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

          Apache HTTPD Security ADVISORY
          ==============================

Title:    Range header DoS vulnerability Apache HTTPD 1.3/2.x

CVE:      CVE-2011-3192: 
Date:     20110824 1600Z
Product:  Apache HTTPD Web Server
Versions: Apache 1.3 all versions, Apache 2 all versions

Description:
============

A denial of service vulnerability has been found in the way the multiple 
overlapping ranges are handled by the Apache HTTPD server:

     
http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tools has
been observed.

The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.

The default Apache HTTPD installation is vulnerable.

There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix
is available.

A full fix is expected in the next 48 hours.

Mitigation:
============

However there are several immediate options to mitigate this issue until
a full fix is available:

1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then
   either ignore the Range: header or reject the request.

   Option 1: (Apache 2.0 and 2.2)

          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range

          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range

   Option 2: (Also for Apache 1.3)

          # Reject request when more than 5 ranges in the Range: header.
          # CVE-2011-3192
          #
          RewriteEngine on
          RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
          RewriteRule .* - [F]

   The number 5 is arbitrary. Several 10's should not be an issue and may be
   required for sites which for example serve PDFs to very high end eReaders
   or use things such complex http based video streaming.

2) Limit the size of the request field to a few hundred bytes. Note that while
   this keeps the offending Range header short - it may break other headers;
   such as sizeable cookies or security fields.

          LimitRequestFieldSize 200

   Note that as the attack evolves in the field you are likely to have
   to further limit this and/or impose other LimitRequestFields limits.

   See: http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize

3) Use mod_headers to completely dis-allow the use of Range headers:

          RequestHeader unset Range

   Note that this may break certain clients - such as those used for
   e-Readers and progressive/http-streaming video.

4) Deploy a Range header count module as a temporary stopgap measure:

     http://people.apache.org/~dirkx/mod_rangecnt.c

   Precompiled binaries for some platforms are available at:

     http://people.apache.org/~dirkx/BINARIES.txt

5) Apply any of the current patches under discussion - such as:

     http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g@mail.gmail.com%3e

Actions:
========

Apache HTTPD users who are concerned about a DoS attack against their server
should consider implementing any of the above mitigations immediately.

When using a third party attack tool to verify vulnerability - know that most
of the versions in the wild currently check for the presence of mod_deflate;
and will (mis)report that your server is not vulnerable if this module is not
present. This vulnerability is not dependent on presence or absence of
that module.

Planning:
=========

This advisory will be updated when new information, a patch or a new release
is available. A patch or new apache release for Apache 2.0 and 2.2 is expected
in the next 48 hours. Note that, while popular, Apache 1.3 is deprecated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iEYEARECAAYFAk5VI+MACgkQ/W+IxiHQpxsz4wCgipR6nQmd45hAgFmI/8dHULLF
BtoAmQGsi2efZKibpaSMI+aCt8fQgWgS
=11BG
-----END PGP SIGNATURE-----

Source: Apache
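
A way to check the two regular expressions from mitigation 1 before deploying them, and to regenerate them for a different limit since the advisory calls the number 5 arbitrary. This is an added example, not part of the advisory or of Apache's code: the function names and sample headers are constructed, and Python's re module is assumed to behave like Apache's regex engine for these patterns.

```python
import re

def build_patterns(max_ranges=5):
    """Return (option1, option2) regexes for a given allowed range count.

    With max_ranges=5 these are exactly the two patterns in the advisory.
    """
    opt1 = re.compile(r"(,.*?){%d,}" % max_ranges)
    opt2 = re.compile(r"(^bytes=[^,]+(,[^,]+){0,%d}$|^$)" % (max_ranges - 1))
    return opt1, opt2

def evaluate(header, max_ranges=5):
    """Report what each mitigation would do with one Range header value."""
    opt1, opt2 = build_patterns(max_ranges)
    return {
        "ranges": header.count(",") + 1 if header else 0,
        # Option 1: SetEnvIf does an unanchored match; a hit sets bad-range
        # and "RequestHeader unset Range" then drops the header.
        "option1_drops_header": opt1.search(header) is not None,
        # Option 2: the RewriteCond is negated with '!', so the request is
        # forbidden ([F]) when the "acceptable" pattern does NOT match.
        "option2_forbids": opt2.search(header) is None,
    }

# Constructed sample header values (not taken from any capture).
SAMPLES = [
    "",                                 # request without a Range header
    "bytes=0-499",                      # ordinary single range
    "bytes=0-1,2-3,4-5,6-7,8-9",        # exactly 5 ranges: allowed
    "bytes=0-1,2-3,4-5,6-7,8-9,10-11",  # 6 ranges: caught by both options
    "bytes=0-1,,4-5",                   # empty range spec: only Option 2 objects
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), evaluate(value))
```

Both options agree on the threshold (six or more ranges), but Option 2 also refuses values that are not a well-formed bytes= list, so it is the stricter of the two.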

Tuesday, July 26, 2011

What is an IFrame Injection? Mass IFrame Attack Tutorial


Recently, 90000 webpages were infected by an IFrame Injection attack. Here I am going to explain what IFrame Injection is.

What is an IFrame Injection?
Using the IFrame tag, attackers inject links to malware-hosting websites into popular websites via cross-site scripting. When regular visitors open one of those popular sites, they are redirected to the malware-hosting website. The malware is then loaded onto your computer, and you are infected.

Sunday, July 10, 2011

Cyber cafe security [Guest Post]


Nowadays people are always talking about system security, and even our government has amended many cyber laws, but can we say that everything is safe? Do we know everything about our security?

According to me, "NO". Usually we are not aware that we leave our important information behind us. If someone wants to use it, they can harm us badly.


Monday, June 13, 2011

How to Become a Penetration Tester/Ethical Hacker/Security Professional?


PenTesters

I have been asked via email for tips on becoming an Ethical Hacker or Penetration Tester. So in this article, I am going to guide you into the Penetration Testing world.

If you are reading this article, it means that you have already heard about Ethical Hacking and PenTesting. Anyway, I would just like to give a small definition of Ethical Hacking.

What is Ethical Hacking and an Ethical Hacker?
Ethical Hacking, also known as Penetration Testing, is the process of vulnerability testing or hacking a system with permission from the corresponding vendor. Normally, organizations that are in need of security recruit an Ethical Hacker or PenTester to improve their security.

OK, let us come to the article.

How to Become an Ethical Hacker?


  1. Dedication: Dedication is the main key to becoming an ethical hacker. Don't plan to become a pentester because of money. If you really have an interest, then go ahead.
  2. Reading: Be a bookworm. Try to read books related to computers and their architecture. Buy books related to security and ethical hacking.
  3. Know how hackers hack into systems: You cannot solve a problem until you know what is behind it. So you have to learn the methods of hackers. How? Just read the articles provided on our site.
  4. Programming and Scripting: Learn some programming or scripting languages, because most of the time you will need to write code to break into a system. Also, you have to know coding to understand how a system works; only then can you penetrate it. OK, which language? My suggestion is C. I love C programming. It is one of the best and most powerful languages, and easy to learn. Some people prefer Python. As far as I am concerned, once you have learned one language, it is easy to learn any other language. There are plenty of online programming tutorial sites out there.
  5. Linux: OK, it is time to switch from Windows to Linux. Learn to work with Linux.
  6. BackTrack Linux Distribution: BackTrack Linux is one of the famous penetration testing Linux distributions. BackTrack is funded by Offensive Security. It has almost all the penetration testing tools required by security professionals.
  7. Get Certification for Ethical Hackers: Some organizations recruit based on security certifications. You can learn and get an ethical hacking certification from your nearest center. Search Google for these keywords: "CEH", "OSCP", "security certifications". Anyway, if you have dedication and confidence, you don't need a certificate and can get into a firm easily.
  8. BreakTheSecurity: In BreakTheSecurity, I have written plenty of articles related to ethical hacking and penetration testing. I hope they will help you gain some knowledge. Also, you can find the latest ethical hacking techniques here.
  9. Forums: Participate in any security or ethical hacking related forums.
  10. Need help? Feel free to contact me.

Opportunities for Ethical Hackers
There are plenty of jobs available in government organisations, banks, financial institutions, military establishments and private companies. India requires more Ethical Hackers.

© Break The Security. Copyright 2008 All Rights Reserved