Microsoft provides a tool for Windows Server 2008 that tests for security misconfiguration. It comes with a graphical interface and a command line interface for both local and remote scans. It looks for vulnerabilities, performs assessment checks, and checks SQL Server 2005. In addition to Windows Server 2008, MBSA runs …
Read More »Anonymous web hosting
Is there such a thing as anonymous web hosting? For those looking to host website content that is controversial or possibly illegal in their respective jurisdictions, many “anonymous web hosts” have popped up. Often located in far-flung reaches of the world, these companies promise to keep your identity secret– for …
Read More »3 tools to keep your website secure, accessible, and fast
Whenever you start a new website, you want to make sure everyone can see it, that it loads quickly, and that hackers can’t bring it to its knees. Here are a few useful web tools to make sure you cover all three: 1. Accessibility. A-Checker – An accessibility testing tool. …
Read More »Find security holes in web applications with Powerfuzzer
Any security-minded system administrator has heard of cross site scripting (XSS). It might even keep you up at night, but there are steps you can take to identify vulnerabilities in your websites and deal with them. One method of finding vulnerabilities is to use fuzz testing (the insertion of random …
Read More »Domain scammers take advantage of Haiti earthquake
Millions from around the world have donated to help earthquake victims in Haiti. With people so readily giving money, it’s no surprise that domain scammers are trying to take advantage of the situation. As is the norm after all disasters in the Internet age, unscrupulous con artists are registering domains …
Read More »SELinux: Extra security protection
SELinux stands for Security-Enhanced Linux and is a comprehensive feature of Linux that allows system administrators to control security access policies with highly advanced modules in the Linux kernel. It can be applied to any Linux distribution and comes installed by default on some. It was originally based upon projects …
Read More »Hide Apache version from outside requests
Question: Is there a way to hide the version of Apache running on my server? Answer: Yes, there certainly is, and there is a good reason to do so. While the version of Apache running on your server might be inconsequential to the average, it could be ammunition in the …
Read More »How to use Apache to deny access to certain directories
In the past, we explained how to deny access to a file or directory with the allow/deny Apache server directive. There are, however, two other ways to do it that may be more to your liking. The allow/deny directive displays the 403 Forbidden page or whatever you have in its …
Read More »FTC to look into security and privacy of cloud computing
America’s Federal Trade Commission will hold a roundtable discussion later this month on the privacy and security of cloud computing. Social networking and mobile computing will also be covered. David Vladeck, director of the FTC’s Bureau of Consumer Protection, stated in a letter to the government agency: …the ability of …
Read More »PhpSecInfo: PHP security information tool
Allowing access to any type of scripting on your web server opens the door for security problems. You never know when an attacker might randomly (or purposely) select your server as a target. Any running scripts have the potential for exploitation. PHP is no exception, and taking steps to secure …
Read More »