Security Showdown

Graph source: http://blogs.zdnet.com/security/?p=135. A recent study by ZDNet reveals Vista has far fewer vulnerabilities and a high fix rate compared to other OSes like RHEL and MacOS. Vista is, I would imagine, a beginning to what will be of the security-enabled operating systems, come …


Hashbreaker

5b69d4f5b5e7929b5c593e1d63cfc078 – That's “password” as an MD5 digest. How to crack more hashes? Try www.hashbreaker.com. Register very quickly and use their free version. If you like it, use their paid service. They use Rainbowtables at the backend, which is an open source hash cracking tool available with …


Windows IPSEC

I was doing lots of testing using IPSEC over the weekend (yeah, don’t have a life). I must say, in a Windows client and server environment, it’s really simple to implement. Unlike popular applications, IPSEC can be centrally deployed and managed in Windows through Group …


Top 5 reasons why I would like to implement ISA Server 2006 as my outgoing proxy/firewall

1. ISA Server is the ONLY FIREWALL THAT I KNOW today that supports authentication for almost all WINSOCK compliant protocols if you use the Windows operating system. 2. ISA Server stores frequently used caches in memory. 3. ISA Server contains out of the box a bunch of …


Multiple Vulnerabilities with Cisco’s PIX and ASA

There’s a possible authentication bypass when LDAP is used for CHAP/MS-CHAP in Cisco’s VPN. An attacker can access your internal network without providing authentication at all. This is quite serious for those running LDAP on PIXes and ASAs. So far, as I can remember …


URGENT! – Serious security flaws with all Microsoft Exchange versions

In a recent ISA Server 2006 Level 400 class, we discussed a vulnerability on Exchange server that could lead to remote code execution. The particular remote attack is listed in CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213 and rated high in its severity. If you have customers or run Exchange …


Vulnerabilities on Quicktime and Asterisk

Was doing some reading on my frequently accessed security page, SANS, and found these two vulnerabilities that should be of mention. These are two pieces of software I use, well, often: Quicktime (for my iTunes) and Asterisk (for my mobile VoIP support). Quicktime: a vulnerability that allows …
