Join the God Side, Jesus is Coming…….

Archive for March, 2011

MySQL and Sun websites hacked using SQL injection

Source: thenextweek

MySQL.com, the official website of the database management system of the same name, was today subjected to an attack whereby hackers used SQL injection exploits to gain access to a complete list of usernames and passwords on the site.

News of the attack surfaced when the attackers posted details of the compromise on the FullDisclosure mailing list, publicly listing the contents of database tables used to store member and employee data, but also a small sample of user logins and password hashes.

Owned by Oracle, MySQL is used by millions of websites to store and deliver information, with some of the most popular online services and platforms including WordPress and Joomla utilising the software. Today’s attack was achieved using “blind SQL injection”, targeting MySQL.com, MySQL.fr, MySQL.de and MySQL.it, but also two Sun domains.

Naked Security reports that passwords were incredibly easy to crack, with the Director of Product Management’s WordPress password being set to a four-digit number.

 

10 Awesome Google Tricks You Missed

Source: pcworld

Getting the most out of Google products such as Gmail, Docs, and YouTube is a must if you’re using them for business. However, the products are so packed with features that it can be hard to keep up. Here are 10 little-known features across various Google services that could change the way you work, or perhaps make life that little bit easier.

 

1. View All Kinds of Files Online

Google Docs Viewer is a neat little Website that lets everybody view files online, avoiding the need to download and open them manually. Despite its name, you don’t have to be a Google Docs user to access it. All you need do is visit Google Docs Viewer and enter the address of the file you want to view.

2. Send Somebody a URL to View a File Online

Another feature of the Google Docs Viewer Website mentioned above is that you can create your own URLs that point to files online, and send them to others so they can instantly view the file by clicking the link.

Just make the first part of the URL read as follows, then append the address of your file: http://docs.google.com/viewer?url=YourFileURL

3. Add ‘S’ For Safety

Practically all of Google’s services can be accessed via HTTPS, which encrypts the connection between your browser and Google, the same kind of connection online banks use. Just add an “S” to the http:// part of the address to make https://. For example, to view the Microsoft Word file mentioned above over a secure connection, you could type the following: https://docs.google.com/viewer?url=http://Yourdomain/dump/testfile.docx. Note that in this example only your connection to Google is encrypted; the file itself is still fetched from its own http:// address.

4. Avoid Account Hijacking

To ensure that nobody but you ever accesses your Google account, you can have Google phone you with a confirmation code or send an SMS to your cell phone every time you log in. That way, even if somebody steals or guesses your password, they cannot log in without also having the code.

This security is known as a two-stage verification procedure, which you can set up here. Note that this service is still being rolled out and might not yet be available to you. Keep checking back, however, because the intention is for it to be available to all Google users.

5. Use Two Different E-mail Addresses

You might already know about Gmail aliases, which is to say, using periods or plus symbols to extend your standard Gmail address so you can filter for spam.

What you might not know is that you can use @google-mail.com as well as @gmail.com. In other words, if you normally use example.address@gmail.com for your e-mail, then you can also use example.address@google-mail.com, and the message will still reach you. You could use @google-mail.com when signing up to newsletters, for example, and create a filter rule within Gmail to sort any messages sent to that address into a spam folder.

6. See Who Last Accessed Your Account

Worried somebody’s been snooping on your Gmail account? By clicking the Details link at the very bottom of the Gmail page, you can view when, where and how your Gmail account was last accessed. The last 10 logins are listed.

7. Test Your YouTube Connection

Has YouTube been stuttering, or just a little slow? By right-clicking any video and selecting Take Speed Test or just visiting this speed-test link, you can compare your playback speed to others who use your ISP, as well as comparing it to the average speed for your city and country. By clicking the Show Video Test link, you can measure your speed. Just look at the HTTP section in the information window at the top left of the video display to see how quickly you’re receiving the video file.

 

8. Drag and Drop

If you’re using Firefox or Google Chrome to access Google’s services, you can often drag and drop files onto the browser window if the Google product is one that works with files.

For example, when creating a mail message, you can simply drag and drop files onto the browser window to instantly attach them (you’ll need to “drop” them over the green Drop Files Here area). If creating a word processor document in Google Docs, you can drag and drop pictures into the browser window to place them on the page.

This doesn’t work with Internet Explorer, unfortunately.

9. See if Google Services Are Working

Ever tried to access one of Google’s services but you’ve been unable to? If you’re like me, the first thing you’ll do is ask any colleagues nearby whether they can access the service. Well, no more. By visiting the Google Apps Status page you can see at a glance whether there are any problems, and if so, what the nature of the problem is.

10. Collaborate on Documents within Microsoft Office

If you’re not quite ready to take the plunge into working with Google Docs through your Web browser, you can download the Google Cloud Connect plugin for Microsoft Office, which is now freely available after a long period of testing. This allows more than one person to work on a Microsoft Office file that’s been uploaded to somebody’s Google Docs space. Any edits made by others are instantly reflected within the document, all within the standard Microsoft Office program window, and you have the added benefit that files are stored in Google’s cloud and revisions tracked.

Facebook Tip: Enable Encryption to Avoid Privacy Glitch

Source: networkworld

Yet another reason to take extra precautions while browsing Facebook arose today as reports surfaced that traffic destined for Facebook from AT&T’s servers took a misguided loop through China and South Korea this week.

Generally, data from AT&T customers go directly to Facebook’s network provider, but due to a routing mistake, traffic first went through China Telecom followed by SK Broadband in South Korea before routing to Facebook, IDG News Service reported.

This means that if you were among the customers affected and you did not have encryption enabled, it’s possible that network operators in China and South Korea could see your Facebook data.

One way to prevent this from happening to your account: Enable HTTPS.

In January, Facebook rolled out the HTTPS feature to all browsing done on the site, but it’s an opt-in setting, not an automatic one. Previously, Facebook used HTTPS only when you entered your password. You can see you’re browsing securely by the green address bar that appears.

To enable this security feature, visit your Account Settings page, then choose “change” next to Account Security. Click the box next to “Browse Facebook on a secure connection (https) whenever possible.” Do note that encrypted pages take longer to load in this mode, and that not all third-party apps support https just yet.

 

 

Next Step for Airport Security: Scanners for Your Shoes

Source: wired

It might not be long before airport security will let you keep your shoes on, even if they do grope you.

The Transportation Security Administration announced this week that it’s accepting proposals for a “shoe scanner” device. It could be a way to cut down on the aggravations of airline travel while still allowing officials to check for weapons and explosives inside a terrorist’s Reeboks. The idea crashed and burned when the Department of Homeland Security first proposed it years ago.

The current push to acquire the devices kicks off on April 25, when would-be designers will have the chance to submit proposals for the scanners.

 

Spam Network Shut Down

Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. in a sweeping legal attack designed to cripple the leading source of junk email on the Internet.

Microsoft launched the raids as part of a civil lawsuit filed in federal court in Seattle in early February against unnamed operators of the Rustock “botnet,” a vast network of computers around the globe infected with malicious software that allows its masterminds to distribute enormous volumes of spam, peddling everything from counterfeit software to pharmaceuticals.

In recent years, Microsoft has stepped up legal actions against a variety of Internet nuisances like spam that it believes inflict harm on its product and reputation. Spam taxes the servers of its Hotmail email service, and impacts the Internet experience of users of Microsoft software like Windows and Office. The malicious code used to form spam botnets often exploits security vulnerabilities in products like Windows.

Read more: http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html#ixzz1Gz62hCdD

 

Security will rescue cloud computing

Source: networkworld

Service providers really have no option — they must do cloud even if they’re not quite sure what it is. The hype has made it inevitable. So most providers are cobbling together some sort of infrastructure-as-a-service (IaaS) offering. At first, these IaaS clouds are offered as alternatives to traditional hosting, but all providers clearly expect IaaS to replace traditional hosting in all but the rarest of use cases. Should service providers be delighted about these developments? More likely terrified, if they really look at the economics of cloud.

Cloud computing may be hard to define but its economic characteristics are pretty clear: It represents the ultimate commoditization of computing, removing most if not all differentiation between offerings and turning all computing into homogeneous bundles of gigahertz, gigabytes and gigabits/sec. On top of commoditization, the cloud encourages the development of mega-scale data centers and enormous concentrations of processing. Economies of scale, combined with lean and mean operations will push cloud-computing providers into a relentless race to the … bottom.

So what is the role of security in all this? Security is like a liquor license to a restaurant — an opportunity to up-sell each customer with a high-profit margin product to balance out the dismal or loss-leading margins of the core product. Security is the single most profitable differentiator that a service provider can add to IaaS to have any hope of making money. Security is brand-sensitive, labor-intensive, infinitely customizable and difficult to scale.

 

59 Open Source Tools That Can Replace Popular Security Software

Source: itmanagement

It’s been about a year since we last updated our list of open source tools that can replace popular security software. This year’s list includes many old favorites, but we also found some that we had previously overlooked.

In addition, we added a new category — data loss prevention apps. With all the attention generated by the WikiLeaks scandal, more companies are investing in this type of software, and we found a couple of good open source options.

Thanks to Datamation readers for their past suggestions of great open source security apps.

There are a lot of commercial applications to compare with the freeware versions, so take a look.

 
