Author Archives: Ashish Mahajan

Australia Post -Scam Alert

Scam alerts
There’s a variety of ways online attackers may attempt to gain your personal or financial information, or exploit you for financial gain.

Check this page regularly for updates on the scams targeting Australia Post customers.

http://auspost.com.au/about-us/scam-alerts.html?ecid=sm–tw—-brand-p5xmas–abt–cns—1411

Posted by on November 13, 2014 in Security

Hackers Compromised Yahoo Servers Using Shellshock Bug

Attackers have figured out a way to get onto some of Yahoo’s servers via the Shellshock bug over the past few weeks. This may be the first confirmed case of a major company being hit with attacks exploiting the vulnerability in bash.
http://www.securityweek.com/hackers-compromised-yahoo-servers-using-shellshock-bug

Posted by on October 8, 2014 in Security

How to Check if your Bash version is Vulnerable

HOW TO CHECK FOR VULNERABLE SHELL
Run the following command lines in your shell (the second line tests the bash binary directly, since /bin/sh is not bash on every system; on Debian and Ubuntu it is dash):
env X='() { :;}; echo vulnerable' /bin/sh -c "echo completed"
env X='() { :;}; echo vulnerable' `which bash` -c "echo completed"
A vulnerable bash executes the code that follows the function body while importing X from the environment, so if you see the word "vulnerable" in the output your BASH is at risk. A patched bash prints a warning (such as "ignoring function definition attempt") and then only "completed", in which case you are safe.

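The two one-liners above wrapped into a reusable check, as an added example that is not part of the original post. It takes the path of the shell to test as its argument and reports a non-bash shell (such as dash as /bin/sh) separately, because only bash imports function definitions from the environment and such a result says nothing about the bash binary itself.

```shell
#!/bin/sh
# Added example (not from the original post): wraps the Shellshock
# environment-variable test in a function that prints one of
#   vulnerable  - the shell executed code appended to a function definition
#   patched     - the shell refused to run the trailing code
#   not-bash    - the binary is not bash (e.g. dash as /bin/sh); the bug
#                 does not apply, but test the bash binary as well.
shellshock_check() {
    shell="$1"
    # Only bash imports function definitions from the environment.
    if ! "$shell" -c 'test -n "$BASH_VERSION"' 2>/dev/null; then
        echo "not-bash"
        return 0
    fi
    # A vulnerable bash runs "echo vulnerable" while importing X; a patched
    # one prints a warning on stderr (discarded here) and only "completed".
    out=$(env X='() { :;}; echo vulnerable' "$shell" -c 'echo completed' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# Usage: check the system shell and the bash binary explicitly.
for s in /bin/sh "$(command -v bash)"; do
    [ -n "$s" ] && printf '%s: %s\n' "$s" "$(shellshock_check "$s")"
done
```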
Posted by on September 25, 2014 in Security

Hoax notification email requesting Payment-on behalf of Telstra

I recently received this email with “Telstra Billing” as the sender name; nevertheless, when you check the email address it is plainly readable that it is not Telstra.

Refer to the screenshot:

[Screenshot: Telstra]

Posted by on September 12, 2014 in Security

Firefox Addons for Security Professionals

  • TAMPER DATA

Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters.

Trace and time HTTP requests/responses. Security-test web applications by modifying POST parameters.
FYI: the current version of Google Web Accelerator is incompatible with the tampering function of Tamper Data; your browser will crash.

https://addons.mozilla.org/en-US/firefox/addon/966/

  • SQL INJECT ME

SQL Inject Me is the Exploit-Me tool used to test for SQL injection vulnerabilities.
The tool works by submitting your HTML forms with the form values substituted by strings representative of an SQL injection attack, i.e. database escape strings. It then looks for database error messages in the rendered HTML of the page.
The tool does not attempt to compromise the security of the given system; it looks for possible entry points for an attack against it. There is no port scanning, packet sniffing, password hacking or firewall attacking done by the tool.
You can think of the work done by the tool as the same as the site's QA testers manually entering all of these strings into the form fields.

https://addons.mozilla.org/en-US/firefox/addon/7597/

  • HackBar

This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar and Google.

# The advantages are:
  • Even the most complicated URLs will be readable
  • The focus will stay on the textarea, so after executing the URL (Ctrl+Enter) you can just go on typing / testing
  • The URL in the textarea is not affected by redirects.
  • I tend to use it as a notepad 🙂
  • Useful tools like on-the-fly UU/URL decoding etc.
  • All functions work on the currently selected text.
  • MD5/SHA1/SHA256 hashing
  • MySQL/MS SQL Server/Oracle shortcuts
  • XSS useful functions
# Shortcuts
  • Load URL ( Alt + A )
  • Split URL ( Alt + S )
  • Execute ( Alt + X, Ctrl + Enter )
  • INT -1 ( Alt - )
  • INT +1 ( Alt + )
  • HEX -1 ( Ctrl + Alt - )
  • HEX +1 ( Ctrl + Alt + )
  • MD5 Hash ( Alt + M )
  • MySQL CHAR() ( Alt + Y )
  • MS SQL Server CHAR() ( Alt + Q )

Posted by on August 27, 2014 in Uncategorized

Tracing an IP Address Back to the Source

Tracing an IP address back to its location is a lot simpler now with many online tools, such as:
http://www.ip2location.com/demo
http://www.yougetsignal.com/tools/visual-tracert/
You can also download the IP2Location app from the App Store.

Posted by on August 9, 2014 in Security

Microsoft Security Bulletin Advance Notification for August 2014

On Tuesday 12th August (US time; Wednesday 13th August AU time) Microsoft expects to release nine (9) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important. These bulletins affect Internet Explorer on all supported versions of Windows, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, Windows RT 8.1, OneNote 2007, SQL Server 2008 SP3, SQL Server 2008 R2 SP2, SQL Server 2012 SP1, SQL Server 2014, SharePoint Server 2013, .NET Framework 2.0 SP2, .NET Framework 3.0 SP2, .NET Framework 3.5, and .NET Framework 3.5.1.

https://technet.microsoft.com/library/security/ms14-aug

Posted by on August 9, 2014 in Security