Blog Posts Tagged with "Servers"


Sidestepping Microsoft SQL Server Authentication

October 21, 2012 Added by: Brandon Knight

Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post-exploitation, I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...


Mobile Infrastructure: The Elephant in the Data Center

August 25, 2012 Added by: Tripwire Inc

One area that seems to be ignored is the infrastructure that supports increasingly cloud-dependent mobile devices, possibly due to many not seeing server exploits and defenses as anything new. However, as the popularity of mobile devices pushes services such as the iCloud, exposure increases exponentially...


Vulnerability Intelligence versus Vulnerability Management

July 30, 2012 Added by: Richard Stiennon

Hardening systems is one of the most important things you can do to counter targeted attacks, yet most organizations have yet to operationalize the process. I understand how hard, and expensive, it is. And it is easy for an analyst to wave the flag of “Patch now!” So forgive me for giving hard advice...


Critical Vulnerability in SAP Message Server: A Worldwide Scan

July 04, 2012 Added by: Alexander Polyakov

Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...


Thirteen Tips to Secure Your Virtual Machine Environment

June 14, 2012 Added by: Brent Huston

Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...


A Tribute to Our Oldest and Dearest Friend - The Firewall Part 2

May 06, 2012 Added by: Ian Tibble

Nine times out of ten, when you ask to see firewall rules, faces will change in the room from "this is a nice time wasting meeting, but maybe I'll learn something about security" to mild-to-severe discomfort. Discomfort - because there is no hiding place any more...


FBI Overreaches with May First - Riseup Server Seizure

May 02, 2012 Added by: Electronic Frontier Foundation

Most troubling is the collateral damage. The search warrant authorized seizure of emails, communications, and files on the server, and records of IP addresses connected to the server. And the server was used by a wide range of people who had nothing to do with the bomb threats...


Oracle Releases Critical Patch Updates for April 2012

April 18, 2012 Added by: Headlines

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks...


Exploit for Liferay XSL Code Execution Released

April 11, 2012 Added by: Spencer McIntyre

Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...


Can DNS Attacks Threaten the Internet on a Large Scale?

March 27, 2012 Added by: Alan Woodward

This attack is theoretically possible because the DNS is a hierarchy. At the top level are 13 servers. Disrupt them and you could disrupt the entire DNS network. Authorities know this and they put a lot of effort into ensuring that the DNS network can cope with a DoS attack...


Running Apache? Beware of "Armageddon"...

March 19, 2012 Added by: Kevin McAleavey

"Apache Killer" exploits a vulnerability in the server by sending a specially crafted Range HTTP header to trigger a denial-of-service condition, and a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down"...


Apple Releases Multiple OS X Lion Security Updates

February 03, 2012 Added by: Headlines

Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service, and bypass security...


How IPv6 and the Cloud Will Help Us be More Secure

October 17, 2011 Added by: Craig S Wright

Done correctly, IPv6 can make for extremely secure networks. By using Group Policy and a number of other tools with Linux or Mac it is possible to make a secure mobile network. It is more difficult under IPv4 due to the constraints on the protocol and the nature of DHCP (against DHCPv6)...


Securing Web Servers with SSL

August 31, 2011 Added by: Danny Lieberman

So where does SSL fit in? Well, we know that the vulnerabilities for a PHI data breach can not only happen inside any layer but in particular there are vulnerabilities in the system interfaces between layers. That means between server layers and client-server interfaces...


Apache Killer DoS Vulnerability Patch Released

August 31, 2011 Added by: Headlines

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server with a fix for handling of byte-range requests and avoid a denial of service. We consider this release to be the best version of Apache available...


Mitigating the Apache Range Header DoS Vulnerability

August 28, 2011 Added by: Mark Baldwin

A new Apache DoS vulnerability was reported by security researcher Kingcope on the Full Disclosure mailing list that affects most default installations of Apache 1.3/2.x. Fortunately, there are some configuration settings that can be adjusted to mitigate this vulnerability...
