Thursday, August 25, 2011

5 Most Effective Website Security Tips

Proper security of your website is of fundamental importance. Whether you are a web-master or a website user, it keeps your nerves calm and gives you the feeling of being secured. With the increase of online competition and the availability of cheaper web hosting, one can find profusion of websites on the internet. But with cheaper web hosting availabilities, the risk has also increased. It is generally found that people don’t understand that saving some bucks by cutting down the security related costs don’t really do any good rather it creates further trouble as their vulnerability increases and it is the main reason why there is an alarming increase in the intrusion of various sites by the hackers.
Well, don’t get unnerved as here you’ll get to know 5 Most Effective Website Security Tips:-
1. Assessment of the Vulnerability
You need a Vulnerability Scanner to assess the vulnerability of your site. It is a tool that checks out a system or network and finds out all possible weaknesses and creates a report along with feedback that can then be used by the administrator. Vulnerabilities related to various web applications like firewall security violation, SQL injection, XSS security breach. Special scanners are available for the assessment. One very popular open source scanner is Nikto. One can also think of using Acunetix Vulnerability Scanner.
2. Testing the Penetration
This is a kind of security testing which involves deliberately planned attack on the website in order to test the security of the site. This is the most recommended step to be carried out by the commercial websites. Howsoever smart the security be, it can never be full-proof as there are several cunning minds who use equally cunning software to break down the security measures like c99 madshell script written in PHP is one such clever script that smartly breaks away the security of WordPress web hosting.
3. Web Application Firewalls
Web Application Firewalls are expensive but efficient applications that keep the websites well secured. Larger and more advanced websites essentially use these firewalls.  These are designed in such a way that they finely tune the web application and keep a constant check on the HTTP traffic and the leakage of data by being positioned in between the client and server.
4. Tools for Client Security
Safety of a server can always be well managed by the web masters yet risk management should not be neglect and must be kept in top priority because one doesn’t know what may happen in the future. Thus, it is important for the webmaster to advise the clients to use some browser based security tools that will save them from any kind of loss. XSS me Firefox add on; inbuilt XSS filter for Internet Explorer 8 are some such security tools.
5. Application Whitelisting
Application Whitelisting is a kind of whitelisting in which only the authorized applications are allowed to be executed, interpreted, or run. This way all the doubtful looking applications are kept away and any unauthorized changes are soon detected thereby maintaining the safety.



Source :  http://blog.freesoftz.com

Tracing an Email Address with the Help of Header

Many a times we feel like tracking out exactly where from an email has come or at least make out the IP address of the person who sent the email. Now is it really possible? Yes, it is indeed. It is very much possible to track the person sending emails to you. And here you’ll see how to have it done:-
How to Track and Email?
You can easily track an email and for this you will need to take the help of Email header and will have to use some special tool for tracking the email such as Email Tracer Tool, which is a smart little tool that can track the email sender’s identity. What this tool actually does is that it analyzes the email header and on the basis of this analysis, it gets you the complete details regarding the sender. The details include facts like the IP address which is the major factor in seeking the sender out, the route that the mail followed, the Mail Server, Service Provider’s details, etc.
What exactly is this Email Header?
Email header is that little piece of information which gets dispatched along with every email sent on the web. It contains all the necessary information related to the sender, the receiver to whom the mail is addressed to, the subject of the mail, the date, type of mail, its route, etc. And all this information is used for tracing the path followed by the email and the location of the sender.
How can the Email Header be extracted?
Email Header can be extracted by following some simple steps which are different for different email services. For this you need to checkout out at Cyberforensics.
How to Trace Email with the help of E-Mail Tracer
First, go to the home page of Cyberforensics and have the email header extraction done. Now finally when you have extracted the email header, click open the Email Tracer right under the navigation menu placed in the left side. Simply copy and paste the email header and click on the “Start Tracing” option.
This will get you the path traced by the email.


Source :  http://blog.freesoftz.com

Monday, August 1, 2011

Apple updates iOS to 4.3.5


Apple, in its constant struggle against hackers and jailbreakers, is constantly updating its mobile iOS platform with security fixes, plugging the holes hackers use to unlock the platform.
The latest security fix, iOS 4.3.5, is the fifth such security fix since the 4.3 update was released back in March. This is the second iOS update in two weeks, the last being iOS 4.3.4 just ten days ago (which was released to fix a nasty PDF exploit).So, what is the reason for this latest update? A fix for a security flaw that might allow “attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”. For the less tech-savvy, hackers who may happen upon the network you are currently on could potentially store or change your data even if it is heavily encrypted.While the last patch broke the one-click jailbreaking tool JailbreakMe, this patch seems to have no effect on jailbreakers, and the method that worked in 4.3.4 (tethered redsn0w) still seems to work.

Source :  http://www.digitaljournal.com