|
|
|
Discount software - secrets revealed
What's the catch with discount software? Is it a scam? How come you can buy a
popular software title having up to 20% discount of the initial price?
There are several popular titles, and I'm talking about all sorts of titles,
that are used...
gomembers’ software modifications provide the energy behind Society of Petroleum Engineers
[Herndon, VA] gomembers, Inc., (http://www.gomembers.com) announced that the Society of Petroleum Engineers (SPE: http://www.spe.org/spe/jsp/homepage) has elected to have gomembers engineer modifications to their gomembers’ association+® software...
Kill The Messenger (Service)
You are familiar with the software applications that you run on your computer, but you may not be familiar with the dozens of programs running in the background on your computer. These programs, called "services" handle tasks like event logging,...
Reporting For Microsoft Great Plains/dynamics/eenterprise: Rw – Reportwriter – Tips For Developer
Microsoft Business Solutions Great Plains is written in Great Plains Software programming tool: Great Plains Dexterity. Dexterity in turn was built with conception of graphical cross-platform transferability (in time – 1992 – mostly Mac and MS...
What Is Wardriving And How Can You Prevent It
Imagine a car equipped with nothing more than a laptop computer, a portable GPS receiver, and a wireless network card slowly strolls through your neighborhood. Unknown to any onlookers, this is no ordinary vehicle; rather, it is a wardriving...
|
|
| |
|
|
|
|
|
|
Site Defacements
A valid fear every webmaster faces is the defacement of their site. According to the Computer Security Institute (CSI), 2005 Computer Crime and Security Survey, web site defacements are the “fastest-growing” area of incident. A check of Zone-H.org seems to validate the finding with a display of over 750 sites defacement for a single date (8/15/2005).
To address defacements, it is first important to understand how defacements occur and what can be done to prevent them. Generally, sites can be vulnerable due to undisclosed vulnerabilities in vendor software, a missing security patch, misconfiguration, and/or bad site programming. Any of these vulnerabilities could permit an attacker to gain access that would allow defacement.
While not much can be done concerning undisclosed vendor vulnerabilities, the other causes are correctable. When vendor security patches are released, install them quickly. When patches are released, many attackers are reverse engineering the patch to discover the vulnerability being addressed. It is not uncommon to find exploit code published on the internet within 48 hours of a patch’s release.
Verify your server and site configurations. Specific areas of concern are normally FTP upload rights, site publishing rights, server login privileges, open ports and passwords. Delete or seriously restrict the ability of people to anonymously upload files. Check for the use of default passwords and for ones that can be easily guessed. Double check your systems open ports and the publishing rights of your web server software. Numerous companies offer free products or free initial vulnerability scans that can confirm your system settings. Using the search engine term “free vulnerability scanning” will yield dozens of companies and products.
Check your site code to verify errors and unintended data are being dealt with correctly. Regardless of what a visitor does,
input should be validated and all errors should return a graceful message. A few areas to check: are your pages vulnerable to buffer overruns due to incorrect data being entered; are your pages vulnerable to SQL or scripting code injection; does your error messages reveal sensitive information such as connection strings, passwords, or system information?
Establish a schedule and process to monitor system changes, configurations, and code. While researching this article, I noticed a Zone-H posting that a Microsoft United Kingdom site was defaced. While the attacker did not publish how the attack was executed, it is safe to assume configuration played a large role. Software features change with each patch applied, mistakes happen and code changes.
The CSI report points out that the dollar losses caused by web site defacements are actually very low in relation to losses suffered by viruses and the theft of proprietary information. The report goes on to state that “losses (such as the lost future sales due to negative media coverage following a breach)” were not largely represented in the cost figures. I believe that most victims of site defacements will agree that embarrassment far outweighs the dollar loss suffered.
When considering defacement strategies, web site monitoring services should also be considered. Many monitoring services offer the ability to check for the existence of keywords or page changes. While monitoring services will not prevent defacements, site monitoring will at least alert you of the event. Hopefully, before you suffer negative media coverage.
Lew Newlin is CTO of SiteRecon, a provider of internet email monitoring and web site monitoring services for business.
|
|
|
|
|
| Tucows Downloads - Download Freeware and Shareware Software |
| Download freeware, shareware, and demos. Maintains over 45000 software titles that are tested, rated, reviewed and ready to download. |
| www.tucows.com |
|
| Free Software Downloads and Software Reviews - Download.com |
| Download shareware, freeware and Demo software for PC, Mac, Linux, and Handhelds categorized into categories, plus software reviews. |
| www.download.com |
|
| Computer software - Wikipedia, the free encyclopedia |
| This includes application software such as a word processor, which enables a ... Application software is often purchased separately from computer hardware. ... |
| en.wikipedia.org |
|
| Shareware.com - Search for shareware programs and free software ... |
| Search for shareware programs from more than a dozen downloadable software directories. |
| www.shareware.com |
|
| Jumbo: Free & Shareware MP3 files, Games, Screen Savers & Computer ... |
| Source of free and shareware computer programs and utilities for PC and Mac. Evaluate software and read product reviews. Download games and screen savers. |
| www.jumbo.com |
|
| Computer Software in the Yahoo! Directory |
| Browse categories featuring sites devoted to computer software, including shareware and freeware download sites, operating systems, desktop customization, ... |
| dir.yahoo.com |
|
| IEEE Software |
| IEEE Computer Society's magazine covering all aspects of software, including software engineering. |
| www.computer.org |
|
| Free Downloads on ZDNet | Shareware, Trialware, Evaluation Software |
| ZDNet's Software Directory is the Web's largest library of software downloads. Covering software for Windows, Mac, and Mobile systems, ZDNet's Software ... |
| downloads.zdnet.com |
|
| FSF - The Free Software Foundation |
| Free software is a matter of liberty not price. Think of "free" as in "free speech". |
| www.fsf.org |
|
| Apple - Software |
| Software products for your digital life. ... The perfect addition for professional review. QuickTime Broadcaster. Encoding software for live events. ... |
| www.apple.com |
|
| Open Directory - Computers: Software |
| In Partnership with AOL Search. about dmoz | report abuse/spam | help. the entire directory, only in Computers/Software. Top: Computers: Software (38471) ... |
| dmoz.org |
|
| freshmeat.net: Welcome to freshmeat.net |
| About: The Web browser is probably the most frequently used software today, ... Web professionals can use the software for functional testing and regression ... |
| freshmeat.net |
|
| Software - GNU Project - Free Software Foundation (FSF) |
| Listing of the GNU software packages. |
| www.gnu.org |
|
| Sun Software |
| Get enterprise-class software--Solaris 10 OS, the Java Enterprise System, ... Sun Java StorageTek Software reduces cost and complexity with a single, ... |
| www.sun.com |
|
| Internet Real Estate.com -- owns and operates a portfolio of the ... |
| SOFTWARE.COM · SWEEPSTAKES.COM · PHONE.COM PODCAST.COM ... Software.com | Sweepstakes.com | Phone.com | Podcast.com | Shop.com | Safety.com ... |
| www.internetrealestate.com |
|
| Joel on Software |
| A weblog by Joel Spolsky, a programmer working in New York City, about software and software companies. |
| www.joelonsoftware.com |
|
| Amazon.com Software: Computer & video games, business, accounting ... |
| Online shopping for computer & video games, business & office productivity software, software from Microsoft, Apple, Adobe & more; accounting, antivirus, ... |
| www.amazon.com |
|
| IBM Software - Home Page |
| IBM home page for all of its software products, including Lotus and Tivoli, with keyword search, category browse and AZ product names. |
| www.ibm.com |
|
| Opera web browser: Homepage |
| Copyright © 2006 Opera Software ASA. All rights reserved. Skip navigation. Opera Software ... Copyright Opera Software ASA . All rights reserved. ... |
| www.opera.com |
|
| Google Directory - Computers > Software |
| Search only in Software Search the Web ... Software Categorized by Letter: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ... |
| www.google.com |
|
|