Posts Tagged with "security"

SQL injections. Preventive security.

Posted by Stanislav Furman on June 19, 2019

With this article I want to start a series of articles about web application security. The topic is genuinely interesting, sometimes challenging and, of course, very important for any web developer. Even if you think your website is small and not attractive to attackers, keep in mind that a vulnerable website can be used to trick random visitors or to attack an external system. For example, an attacker can use a security hole in your system to distribute an exploit to your visitors.

In this article I will talk about preventive measures against SQL injection (aka SQLi): measures that can help when you have legacy code, or when someone on your team accidentally (or blindly) writes code that is vulnerable to SQLi.


HipChat was attacked, some data may have been leaked

Posted by Stanislav Furman on April 23, 2017
HipChat published a security notice about an attack and leaked data

Worst passwords ever

Posted by Stanislav Furman on February 14, 2017
See the worst passwords ever and never make this mistake

Spam with animated email subject

Posted by Stanislav Furman on January 23, 2015

Yesterday I received a couple of spam messages with an animated email subject in my Gmail inbox! I didn't know it was possible; I have never seen it before...

At first look it seems like a big security hole in Gmail!

Interesting...


Russian hackers steal 1.2 billion user credentials. Is this true?

Posted by Stanislav Furman on August 6, 2014
Did a Russian group of hackers steal 1.2 billion usernames and passwords? I doubt it...

Securing a directory with 777 or 775 permissions

Posted by Stanislav Furman on July 6, 2014

If your project has a publicly accessible directory with full permissions (777), it can cause serious security problems: anyone who can write to it, whether through an upload feature or through another vulnerability, can put an executable script or binary on your host and then trigger it remotely by requesting it through the web server. This is a major security hole, and it can lead to major problems if someone decides to attack your website.

However, on some shared hosting servers you sometimes need a folder with the risky 777 permissions (or 775 if possible, which is somewhat better because only the owner and the group can write to it). A typical example is a folder where website users upload their photos or images. Such a folder opens a hole for potential attackers, but there are a few techniques that help keep your website safe; the key is to make sure that nothing placed in that folder can ever be executed by the web server.

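As an added example (not code from the original post), here is a small POSIX shell script that audits a document root for group- or world-writable directories, lists any server-executable files an attacker could have dropped into them, strips execute bits from uploaded files, and writes an Apache .htaccess that refuses to serve or run scripts from such a folder. The document root path, the extension list and the allowed image types are assumptions, as is Apache 2.4 with AllowOverride permitting the AuthConfig and Options directives in .htaccess; the .htaccess rules work regardless of whether PHP runs as mod_php or PHP-FPM, because they deny the request before any handler is chosen.

```shell
#!/bin/sh
# Added example: audit and harden writable upload directories under a web root.
# Assumptions: Apache 2.4, AllowOverride allows AuthConfig and Options here,
# and the only legitimate uploads are images (jpg/png/gif/webp).

# List directories under "$1" that are writable by group or by everyone
# (775- and 777-style); these are the places an attacker can drop a file.
find_writable_dirs() {
    find "$1" -type d \( -perm -g+w -o -perm -o+w \) 2>/dev/null
}

# List files under "$1" whose extension the web server might execute or hand
# to an interpreter (extension list is an assumption; extend it for your stack).
find_scripts() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[3-7]' \
        -o -name '*.phar' -o -name '*.cgi' -o -name '*.pl' -o -name '*.py' \
        -o -name '*.sh' \) 2>/dev/null
}

# Remove execute bits from every file under "$1": uploaded images never need them.
strip_exec_bits() {
    find "$1" -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x \) \
        -exec chmod a-x {} + 2>/dev/null
}

# Drop an .htaccess into "$1" so Apache serves only images from that folder and
# never executes anything placed there.
harden_dir() {
    cat > "$1/.htaccess" <<'EOF'
# Deny everything in this folder by default...
Require all denied
# ...then allow only the image types users are expected to upload.
<FilesMatch "\.(jpe?g|png|gif|webp)$">
    Require all granted
</FilesMatch>
# Deny script extensions anywhere in the name, even "shell.php.jpg":
# Apache's AddHandler can act on any extension of a multi-extension file.
<FilesMatch "\.(php[3-7]?|phtml|phar|cgi|pl|py|sh)(\.|$)">
    Require all denied
</FilesMatch>
# No CGI execution and no directory listing in this folder.
Options -ExecCGI -Indexes
EOF
}

# Report every writable directory under "$1" and the scripts found inside it.
audit() {
    find_writable_dirs "$1" | while IFS= read -r dir; do
        echo "writable: $dir"
        find_scripts "$dir" | sed 's/^/  script: /'
    done
}

# Usage: ./audit_uploads.sh /var/www/html   (audit only; nothing is changed)
# To harden a specific upload folder:  harden_dir /var/www/html/uploads
#                                      strip_exec_bits /var/www/html/uploads
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run it against the document root first to see what is already there; a script file inside a world-writable upload folder is a strong sign that someone has already been in, so treat it as an incident rather than just deleting the file.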

Ebay asks its users to change passwords

Posted by Stanislav Furman on May 21, 2014

eBay Inc., the world's largest Internet auction site, has just reported a successful hacking attack on its servers. The attackers gained access to the part of the eBay database where user password hashes are stored. The company's specialists claim that financial information and other confidential personal data remain inaccessible to the attackers, since that type of data is kept separately and encrypted.

According to the preliminary investigation, the results of which were published on the corporate blog, the attack happened in late February or early March of this year. The attackers gained access to stored user names, password hashes, email addresses, home addresses and phone numbers, as well as dates of birth.

It has been reported that within the next 24 hours eBay users should receive an official notification with information about the attack and instructions for resetting their password on all eBay websites, and for changing it on any other site where they have used the same password.


IE users risk having their computers hacked and taken over

Posted by Stanislav Furman on April 28, 2014


A major security hole affecting several versions of Internet Explorer was discovered recently.

Microsoft has announced that all Internet Explorer versions from IE6 to IE11 are vulnerable to a flaw that could be used by attackers to gain remote access to a victim's PC.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.", Microsoft stated in its official press release.

According to W3Schools browser usage statistics, this security issue may affect roughly one in ten Internet users.


Unix shell commands to detect a DDoS attack and its source

Posted by Stanislav Furman on April 25, 2014
Five Unix shell commands to check whether your server is under a DDoS attack and where it is coming from
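The post's own five commands are not reproduced on this page. As an added example that is not part of the original post, the shell functions below show the kind of check such commands perform: they take `netstat -ntu` or `ss -ntu` style lines on stdin, count connections per remote IPv4 address, flag sources above a threshold, and count half-open (SYN_RECV / SYN-RECV) connections, which pile up during a SYN flood. The sample input is constructed inline; IPv4-only parsing, the column layout and the default threshold of 50 are assumptions.

```shell
#!/bin/sh
# Added example: spot a connection flood and its source from netstat/ss output.
# In both "netstat -ntu" and "ss -ntu" layouts the last field that looks like
# IPv4:port is the remote peer, so the parser scans fields from the right.

# Read connection lines on stdin; print "count ip" per remote address, busiest first.
connections_per_ip() {
    awk '{
        for (i = NF; i > 0; i--) {
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) {
                split($i, a, ":")
                n[a[1]]++
                break
            }
        }
    } END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print only the addresses holding more than $1 connections (default 50).
# One source with hundreds of connections to a single port is the classic pattern.
flag_sources() {
    connections_per_ip | awk -v t="${1:-50}" '$1 > t'
}

# Count half-open connections: SYN_RECV (netstat) or SYN-RECV (ss). A large
# number relative to ESTABLISHED means the backlog is being flooded with SYNs.
half_open_count() {
    grep -c 'SYN[-_]RECV'
}

# Constructed sample in netstat -ntu layout: one source holding 120 half-open
# connections to port 80, and a legitimate client with three established ones.
make_sample() {
    echo 'Proto Recv-Q Send-Q Local Address           Foreign Address         State'
    i=0
    while [ "$i" -lt 120 ]; do
        printf 'tcp        0      0 10.0.0.5:80             203.0.113.7:%d       SYN_RECV\n' $((40000 + i))
        i=$((i + 1))
    done
    for p in 50001 50002 50003; do
        printf 'tcp        0      0 10.0.0.5:443            198.51.100.2:%d      ESTABLISHED\n' "$p"
    done
}

# On a real host, feed the live tables instead of the sample:
#   netstat -ntu | flag_sources 100
#   ss -ntu | half_open_count
if [ "${1:-}" = "--demo" ]; then
    echo "top sources:";      make_sample | connections_per_ip
    echo "flagged (>50):";    make_sample | flag_sources 50
    echo "half-open:";        make_sample | half_open_count
fi
```

A single address above the threshold is easy to block at the firewall; a distributed attack shows up instead as many addresses each just below it, so compare the total connection count and the half-open count against what the server normally sees rather than relying on the per-IP threshold alone.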

This password is already in use. Old school security fail.

Posted by Stanislav Furman on April 23, 2014

Believe it or not, such fails have been seen! :)

Hopefully, these days you won't see such a message anywhere. LOL

The message is a fail because it tells whoever typed the password that some other account uses exactly that password, and a site can only make that comparison if it stores passwords in plaintext or as unsalted hashes.