Security

on 18th April 2018 / by fathimath.sajila
The two industry-wide security vulnerabilities named Meltdown and Spectre are hardware bugs that can allow hackers to steal sensitive information, such as passwords and encryption keys, from the memory of other programs. They work in different ways, affect different processors from Intel, ARM, and AMD, and require different fixes.

What to do to protect against Meltdown and Spectre?

To protect yourself, update your operating system software as patches are released by vendors and continue to monitor communications related to the Meltdown and Spectre vulnerabilities.

Current Patch Status

As of now, no distributions are yet fully patched.

Distributions that have released kernel updates with partial mitigation (patched for Meltdown AND variant 1 of Spectre) include:

- CentOS 7: kernel 3.10.0-693.11.6
- CentOS 6: kernel 2.6.32-696.18.7

Distributions that have released kernel updates with partial mitigation (patched for Meltdown) include:

- Fedora 27: kernel 4.14.11-300
- Fedora 26: kernel 4.14.11-200
- Ubuntu 17.10: kernel 4.13.0-25-generic
- Ubuntu 16.04: kernel 4.4.0-109-generic
- Ubuntu 14.04: kernel 3.13.0-139-generic
- Debian 9: kernel 4.9.0-5-amd64
- Debian 8: kernel 3.16.0-5-amd64
- Debian 7: kernel 3.2.0-5-amd64
- Fedora 27 Atomic: kernel 4.14.11-300.fc27.x86_64
- CoreOS: kernel 4.14.11-coreos

How to Apply Updates?

It's good to apply updates as they become available instead of waiting for a full patch set. This may require you to upgrade the kernel and reboot. Below are the four steps to follow to update.

1. Update your system software once patches are available.

For Ubuntu and Debian servers, you can update your system using the commands:

    sudo apt-get update
    sudo apt-get dist-upgrade

For CentOS servers:

    sudo yum update

For Fedora servers, use the dnf tool instead:

    sudo dnf update

2. It is highly recommended to take a backup or snapshot of critical data before making changes to a production system.

3. Reboot your server, regardless of the operating system, using the command:

    sudo reboot

4. Log in and check the active kernel to ensure that your kernel has been upgraded.

Update and stay protected!
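One way to run the check in step 4 over several machines, as an added example that is not part of the original post: it compares each running release with the versions listed above field by field, because a plain string comparison would rank 4.4.0-98 above 4.4.0-109. It assumes each machine runs its distribution's stock kernel series; `release_key`, `is_patched`, `needs_update` and the inventory are hypothetical names and constructed data.

```python
import platform
import re

# Kernel releases listed in the post (partial mitigation), keyed by distribution.
PATCHED = {
    "CentOS 7": "3.10.0-693.11.6",
    "CentOS 6": "2.6.32-696.18.7",
    "Fedora 27": "4.14.11-300",
    "Fedora 26": "4.14.11-200",
    "Ubuntu 17.10": "4.13.0-25-generic",
    "Ubuntu 16.04": "4.4.0-109-generic",
    "Ubuntu 14.04": "3.13.0-139-generic",
    "Debian 9": "4.9.0-5-amd64",
    "Debian 8": "3.16.0-5-amd64",
    "Debian 7": "3.2.0-5-amd64",
    "Fedora 27 Atomic": "4.14.11-300.fc27.x86_64",
    "CoreOS": "4.14.11-coreos",
}


def release_key(release):
    """Leading numeric fields of `uname -r`: '4.4.0-109-generic' -> (4, 4, 0, 109)."""
    match = re.match(r"\d+(?:[.-]\d+)*", release)
    if match is None:
        raise ValueError("not a kernel release string: %r" % release)
    return tuple(int(field) for field in re.split(r"[.-]", match.group(0)))


def is_patched(distro, running=None):
    """True if the running kernel is at or above the release listed for distro."""
    running = running or platform.release()   # same value as `uname -r`
    return release_key(running) >= release_key(PATCHED[distro])


def needs_update(inventory):
    """inventory: (host, distro, `uname -r` output) tuples; returns hosts still behind."""
    return [host for host, distro, release in inventory
            if not is_patched(distro, release)]


# Constructed inventory, as it might be collected after the reboot in step 3.
FLEET = [
    ("web1", "Ubuntu 16.04", "4.4.0-98-generic"),
    ("web2", "Ubuntu 16.04", "4.4.0-109-generic"),
    ("db1", "CentOS 7", "3.10.0-693.el7.x86_64"),
    ("db2", "CentOS 7", "3.10.0-693.11.6.el7.x86_64"),
    ("ci1", "Fedora 27", "4.14.11-300.fc27.x86_64"),
]

if __name__ == "__main__":
    print("still to update:", needs_update(FLEET))
```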

on 17th January 2018 / by webmaster
Authors: Abhinand Gokhala K., Harikrishna Kelappurath

Sometimes when you try to open your Facebook profile it opens without asking for a username or password. It might be because you logged in previously and forgot to log out. Did you ever try to understand why this happens and its significance? It is because something is stored in your browser and is sent to the server when you access it again. So something which is highly confidential is stored in your web browser. What will happen if someone steals those details? If someone gets that detail he could access the profile; this is called session hijacking.

This can be better explained using the scenario of a hospital system, i.e. the patient is the client, and the hospital, doctor and the whole medical system can be considered the server. The first time the patient takes an appointment, a token is given to him and the case record with that token id is retained in the hospital itself. Now whenever the patient visits a doctor, the doctor gets the previous health details of the patient with that token id from the hospital records. Hospital systems identify each patient using their token id. So anyone can get the treatment details of the patient using the token id of that patient. This is the real-life session hijacking situation. Here token id, hospital system and patient correspond to session id, server, and client respectively.

In this article we are going to explain what session hijacking is and how it is possible. Before that let's look at some of the key terms used here.

What is meant by a client?

People sometimes mistakenly assume that the client referred to here is the person who sits in front of a computer system. But for a server, a web browser in a system is one client. For instance, consider two computer systems A and B. Firefox in A and Firefox in B are different clients. Firefox in A and Chrome in A are also different clients.
What is Session Information and Session ID?

The necessary information about a particular client stored on the server side is called Session Information. Session information is secure inside the server. On the server side, we can create session information with a unique id; this unique id is called the session id. After creating a session, the session id is sent to the corresponding client. The client stores the session id as a session cookie. All further communication between the client and server includes sending the session cookie value from client to server.

For example, if you log in to a web application the following process will happen.

1. Client sends a request to log in to the application with username and password.
2. Server creates a unique id (session id), then creates a file with that session id as file name.
3. Server saves necessary data about the client in the created file, for example the user id of the logged-in user.
4. Server sends that unique id to the client, which stores it as a cookie.
5. If the client accesses the profile page of that application, the web browser sends the stored cookies with that request.
6. Server checks whether the session file corresponding to the session cookie value is present on the server.
7. If the session file is present, the server reads the information in that file. From that the server gets the logged-in user id.
8. Then the server sends the requested information related to that user id to the logged-in user.

Similar to the above process, for all requests, the client will pass the session cookie value to the server.

For a general understanding: this is a session file created on the server. PHP session files are stored in '/var/lib/php/sessions' by default. Here the filename is 'sess_' followed by the session id, which is a string of random characters. In the session, the data is stored in the following format: 'data name|type: length: value'. In the above picture two data are stored, user_id and admin.
In the case of user_id, the type is i (i denotes an integer value and s denotes a string), and the length of the value is 1. The value of user_id is 1.

This picture shows the cookies stored in one such web browser. In the developer tools, you can see the different types of cookies stored in the browser.

What is Session Hijacking?

Session hijacking is mimicking a different person by using that person's session id. That is, if person A gets the session cookie information of person B and A stores that cookie in his web browser manually (similar to how B has stored the cookie in his browser), then A gets the same access as B if that session file is present on the server. This is called session hijacking.

How is Session Hijacking important?

Consider that a hacker gets the session cookie value of a person's bank application: the hacker can get full access to that person's profile in the bank application. It is a big threat.

There are various ways in which session hijacking can be prevented. The preventive measures from the server side include cookie validation, cookie regeneration and session timeouts. Despite all these, there are limitations to what can be done from the server side. Complete prevention can be ensured only from the client side, by making sure that the cookie value is kept safe through anti-malware software and by always logging out after usage.

XSS is one of the main methods used by hackers to steal cookie values from other clients. To prevent XSS attacks, developers can use HTML entities in the front-end view of websites. This makes the data entered by users always pass through functions that convert it to HTML entities before it is shown in the front-end view. In this way we can avoid XSS attacks. We will cover XSS in detail in another article.

Are you concerned about the security aspects of your website development? We can help you!
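The login flow and the three server-side measures named above (cookie validation, cookie regeneration, session timeouts), modelled as an added example that is not from the original article. An in-memory dictionary stands in for the session files, "cookie validation" is assumed to mean comparing the client string sent with the request, and `SessionStore` and its methods are hypothetical names.

```python
import secrets
import time


class SessionStore:
    """In-memory stand-in for the server's session files (session id -> data)."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of inactivity allowed
        self._clock = clock
        self._sessions = {}

    def create(self, data, user_agent):
        """Login: keep the data server-side, return the id that goes in the cookie."""
        sid = secrets.token_urlsafe(32)    # unguessable session id
        self._sessions[sid] = {"data": dict(data), "ua": user_agent,
                               "seen": self._clock()}
        return sid

    def load(self, sid, user_agent):
        """Every later request: accept the cookie only if it passes validation."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        idle = self._clock() - rec["seen"]
        if idle > self.idle_timeout or rec["ua"] != user_agent:
            del self._sessions[sid]        # fail closed: destroy the session
            return None
        rec["seen"] = self._clock()
        return rec["data"]

    def regenerate(self, sid, user_agent):
        """Issue a fresh id for the same data; the old cookie value stops working."""
        if self.load(sid, user_agent) is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = self._sessions.pop(sid)
        return new_sid


def demo():
    now = [0.0]                            # constructed clock so the timeout is testable
    store = SessionStore(idle_timeout=900, clock=lambda: now[0])
    sid = store.create({"user_id": 1}, "Firefox on A")
    copied = sid                           # cookie value that leaked to another party
    results = {"replay_same_client_string": store.load(copied, "Firefox on A")}
    new_sid = store.regenerate(sid, "Firefox on A")
    results["old_id_after_regeneration"] = store.load(copied, "Firefox on A")
    results["owner_with_new_id"] = store.load(new_sid, "Firefox on A")
    other = store.create({"user_id": 2}, "Firefox on A")
    results["replay_other_client_string"] = store.load(other, "Chrome on B")
    now[0] += 901                          # just past the idle timeout
    results["after_idle_timeout"] = store.load(new_sid, "Firefox on A")
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(check, "->", outcome)
```

The first result is the limitation the article describes: while the id is still valid and the request looks like the owner's, the server cannot tell a copied cookie from the original.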

on 30th August 2017 / by abhinand.gokhala
'Spider - SQL Injection Detection Tool' is a web application testing tool. This tool is developed for testing the security of PHP projects. It recursively reads and tests every GET and POST request of the project and identifies SQL injection holes. The objective of 'Spider' is to close the way of SQL injection attacks in web application projects.

Attacks against web application layers have been increasingly monitored in the last few years by security professionals. There has been a marked 70% vulnerability report for web applications. These applications often handle sensitive data for many users and thus are prime targets for attackers. Therefore it is important to ensure the security and privacy of these web applications. According to the Open Web Application Security Project (OWASP), injection attacks top the list of the top ten web vulnerabilities, with SQL injection making up a major share.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Generally when an application communicates with the backend database, it does so in the form of queries with the help of an underlying database driver. This driver depends on the application platform being used and the type of backend database, such as MySQL, MSSQL, DB2, or ORACLE.

A generic login query would look something like this:

    SELECT Column1, Column2 FROM table_name WHERE username='$username' AND password='$password';

We can split this query into two parts, the code section and the data section. The data section is $username and $password, and quotes are used around each variable to define the string boundary.
A SQLI vulnerability results from the application's use of user input in constructing database statements. The attacker invokes the application, passing as an input a (partial) SQL statement, which the application executes. This permits the attacker to gain unauthorized access to, or contaminate, the data stored in a database. To prevent this attack, applications need to filter the invalid input values that are used in constructing SQL statements, or else reject potentially dangerous inputs.

Scope

It is very difficult to identify SQL injection holes without any tool, so even a tester can miss this serious programmer mistake. If testers do not identify the programmer's mistake, the company will face large losses. If testers use the 'Spider' testing tool, they can easily identify the programmer's mistake and increase the quality of the product.

Why Spider Testing Tool?

There are many online SQL injection detection tools available in the market, but they fail to detect holes when the tested page is redirected or error reporting is off. The actual strength of a chain is the strength of its weakest link, and software security is the same: if we miss one hacking hole, the security of that software is zero. The online SQL injection testing tools detect SQL injection holes by reading and comparing the HTML content of the project. 'Spider' follows a different approach to overcome this problem.

Tools can never provide a 100% protection guarantee because hackers keep trying new ways to break the wall. The one thing we have to do, if a hacker breaks the wall, is to study the hacking method and close that hole.

Approach

A person can identify SQL injection holes manually by adding query characters to GET or POST requests; we then get a query error message with the page content, and from this error message we get the secret details of the database.
Example of error message:

Our tool uses a different way to identify SQL injection holes, because the manual method fails when 'Error Reporting' is off or there is any redirection. To overcome this situation we use another method. Our tool tries to inject an update query into each GET and POST field; if this injected update query executes successfully, we can say that SQL injection is possible through that field.

Workflow:

Step 1: Copy the project folder to a temporary path
Step 2: Change the single query function to multi query throughout the project
Step 3: Create the sqlinjectionstatus table in the DB of the selected project
Step 4: Read the URL of the project
Step 5: Read the HTML content of the URL through HTTP using curl
Step 6: Convert the HTML content to a string
Step 7: Repeat 'Step 8' until the string contains no other requests (GET or POST)
Step 8: Insert the request details into the 'sqlinjectionstatus' table with 'injection_flag' set to 0
Step 9: Create the 'injection_flag'-changing SQL injection string for each request
Step 10: Send the request with the SQL injection string through HTTP using curl
Step 11: Fetch records from the sqlinjectionstatus table
Step 12: Display the status of each request of the given URL

SQL injection strings for changing the 'injection_flag' of the sqlinjectionstatus table:

    '; UPDATE `sqlinjectionstatus` SET `injection_flag` = 1 WHERE `url` = '<URL>' AND `method` = '<POST OR GET>' AND `request_name` = '<Request Name>' --
    "; UPDATE `sqlinjectionstatus` SET `injection_flag` = 1 WHERE `url` = '<URL>' AND `method` = '<POST OR GET>' AND `request_name` = '<Request Name>' --
    ; UPDATE `sqlinjectionstatus` SET `injection_flag` = 1 WHERE `url` = '<URL>' AND `method` = '<POST OR GET>' AND `request_name` = '<Request Name>' --
    %bf%27; UPDATE `sqlinjectionstatus` SET `injection_flag` = 1 WHERE `url` = '<URL>' AND `method` = '<POST OR GET>' AND `request_name` = '<Request Name>' --

The tool tries to inject these queries through each request using curl; if the `injection_flag` value changes to 1, we can say that SQL injection is possible through that request.

Solutions and Result

There are many different types of SQL injection holes. Some holes are small, and it is very difficult to execute an injected update query through a smaller hole, so more case checking and time are needed to identify small SQL injection holes. While checking, our tool does not know the actual size of the hole. For this situation, the 3 options are:

1. Approach the situation with the assumption that all holes are small (worst case), check all cases and inject the update query.
2. Understand the query and the hole, then try to inject the update query.
3. Change all the holes into bigger ones, then try to inject the update query.

The first two options need more execution time to get results. The existing tools identify SQL injection holes from the HTML of the error content; though faster, this is not accurate. Our aim is to develop a tool that is both faster and accurate, so I chose the third option. With it we can reduce the number of cases to check and the execution time.

For example, consider a man standing 50 m away from a wall and trying to count the number of holes in the wall: obviously he/she will miss the smaller holes, and will need to put in more effort to count them. If the holes are all of a similar big size, then he/she can easily count the holes without using any binoculars. Our situation is similar to this scenario.

How to change small SQL injection holes to bigger?

The size of an SQL injection hole depends on the SQL query. An SQL injection hole in a multi query (multi_query) is a bigger one, because we can easily inject and execute other queries through this hole. So before checking, change every single query of the project to multi query. In this way all existing SQL injection holes change to the same type and size, and we can then easily check whether SQL injection is possible in less time.
Workflow

The system works as follows. The user inputs the domain name, the database name in the db name field, the host name in the host field, the database user name and the database password, and submits the details to the system.

After the details are submitted, the system verifies the given credentials and connects to the corresponding database. The entire project is copied by the system for testing. Then give the URL of the page to be tested for SQL injection and submit it to the system. The system checks every input field for SQL injection and gives a detailed output to the user, including which fields are vulnerable to SQL injection.

The system is even capable of scanning web applications which create sessions for different users. When the URL of the session creation page is entered along with the login details, it gives the page details in the Page URL and detects the requests in that page that are vulnerable to SQL injection.

For the basics: SQL Injection Basics

Using PDO prepared statements is the best way to prevent SQL injection.

To know more, get in touch with us!
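The marker-row check from the workflow above, together with the prepared-statement fix, as a self-contained added example; it is not Spider's code. Python's sqlite3 with an in-memory database stands in for the PHP/MySQL project, `executescript` stands in for a multi_query call, and the handler names and `/login` request are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the copied project's database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'constructed-password');
        CREATE TABLE sqlinjectionstatus (
            url TEXT, method TEXT, request_name TEXT, injection_flag INTEGER DEFAULT 0);
    """)
    return db


def login_sql(username, password):
    # Vulnerable pattern from the post: user input concatenated into the statement.
    return ("SELECT username FROM users WHERE username='%s' AND password='%s';"
            % (username, password))


def login_multi(db, username, password):
    # Stand-in for multi_query: every stacked statement in the string is executed.
    db.executescript(login_sql(username, password))


def login_single(db, username, password):
    # Same concatenated string, but this call accepts one statement only.
    db.execute(login_sql(username, password)).fetchall()


def login_prepared(db, username, password):
    # Prepared statement: input is bound as data and never parsed as SQL.
    db.execute("SELECT username FROM users WHERE username=? AND password=?",
               (username, password)).fetchall()


def probe(handler, url="/login", method="POST", field="username"):
    """Register the request with injection_flag 0, send the marker, read the flag."""
    db = make_db()
    db.execute("INSERT INTO sqlinjectionstatus (url, method, request_name) "
               "VALUES (?, ?, ?)", (url, method, field))
    db.commit()
    marker = ("'; UPDATE sqlinjectionstatus SET injection_flag = 1 WHERE url = '%s' "
              "AND method = '%s' AND request_name = '%s' -- " % (url, method, field))
    try:
        handler(db, marker, "x")
    except (sqlite3.Error, sqlite3.Warning):
        pass  # a failed request tells the scanner nothing; only the flag counts
    row = db.execute("SELECT injection_flag FROM sqlinjectionstatus WHERE url=? "
                     "AND method=? AND request_name=?", (url, method, field)).fetchone()
    return row[0]


def scan():
    handlers = (login_multi, login_single, login_prepared)
    return {handler.__name__: probe(handler) for handler in handlers}


if __name__ == "__main__":
    print(scan())
```

`login_single` still builds its query by concatenation, yet its flag stays 0 because the stacked statement is refused; that is the "small hole" case the post handles by rewriting calls to multi query in the temporary copy before probing.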

on 14th August 2015 / by sarika.k
Secure Copy (scp) allows files to be copied between, to or from different hosts. It uses ssh for data transfer and provides the same authentication and the same level of security as ssh. It exits with status 0 on success and >0 if an error occurs.

I used some scp options in my Ubuntu terminal. Here I am sharing some information about scp options that are used in the Ubuntu terminal.

Copy the file "sample.txt" from a remote host to the local host

    $ scp your_name@remotehost.edu:sample.txt /some/local/directory

Copy the file "sample.txt" from the local host to a remote host

    $ scp sample.txt your_name@remotehost.edu:/some/remote/directory

Copy the directory "sample_1" from the local host to a remote host's directory "sample_2"

    $ scp -r sample_1 your_name@remotehost.edu:/some/remote/directory/sample_2

Copy the file "sample.txt" from remote host "rh1.edu" to remote host "rh2.edu"

    $ scp your_name@rh1.edu:/some/remote/directory/sample.txt \
          your_name@rh2.edu:/some/remote/directory/

Copy the files "sample_1.txt" and "sample_2.txt" from the local host to your home directory on the remote host

    $ scp sample_1.txt sample_2.txt your_name@remotehost.edu:~

Copy the file "sample.txt" from the local host to a remote host using port 2264

    $ scp -P 2264 sample.txt your_name@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

    $ scp your_username@remotehost.edu:/some/remote/directory/\{a1,b1,c1\} .
    $ scp your_name@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the sent data. Using the Blowfish cipher has been shown to increase speed. This can be done by using the option -c blowfish on the command line.

    $ scp -c blowfish sample_file your_name@remotehost.edu:~

The -C option for compression should also be used to increase speed.
Compression significantly increases speed if your connection is very slow. Otherwise it may just add extra burden to the CPU. A simple example of using blowfish and compression:

    $ scp -c blowfish -C sample.txt your_name@remotehost.edu:~

Ping us for more information and get a quote for business assistance.

on 12th October 2012 / by sandeep.sasikumar
The command "setfacl" refers to Set File Access Control Lists and "getfacl" refers to Get File Access Control Lists. Each file and directory in a Linux filesystem is created with a specific set of file permissions for its access. Each user can have a different set of file access permissions. The permissions can be set using the setfacl utility. In order to know the access permissions of a file or directory we use getfacl.

The getfacl command displays the access permissions of files and directories with the file name, owner, group and the ACL (Access Control List). When we create a directory it is created with a default set of access permissions, and by using getfacl we are able to see the access rights.

What are the default access permissions for a newly created directory?

To know this, first open a terminal and open the folder in which you want to create a subfolder. Next type "mkdir <folder-name>" and press the ENTER key. This will create a folder with default access permissions. To know the access permissions, type

    getfacl <folder-name>

Now you will see the output of getfacl as something like the following:

    # file: file-name
    # owner:
    # group:
    user::rwx
    user:x:---
    user:y:r--
    group::r--
    mask::rw-
    other::---

Thus from the output of getfacl we are able to see the access permissions of a file. In the above example, when we type getfacl <file-name> the output is shown in the above format. It displays the owner of the file, the group which has access to it and also its various users and their access rights. In the above case the users are x and y, where the user 'x' has no permission on this file and is therefore shown with the --- symbol, indicating no read/write/execute permissions for the user x. The other user 'y' has the permission r--, which means read-only rights. The default umask is set to rw- (read/write permissions).

How to copy the ACL of one folder to other?
Consider an example of copying the ACL of the directory named "x" to "y". For this, we should first know the ACL of the directory named "x". To obtain it, type the command

    getfacl x

This will display the ACL of the directory named "x" in the above mentioned format:

    # file: x
    # owner:
    # group:
    user::rwx
    user:x:---
    user:y:r--
    group::r--
    mask::rw-
    other::---

To copy the ACL of one directory to the other we use the setfacl command. That is

    setfacl --set-file=- y

As mentioned, we want to copy the ACL of "x" to "y"; for this we have to type the command

    getfacl x | setfacl -R --set-file=- y

Here "getfacl x" gets the ACL of the directory named "x" and this output is given to the setfacl command using a pipe. Thus getfacl gives the ACL of the directory "x" and setfacl -R --set-file=- y sets that ACL on the directory named "y". "-R" is used to set this ACL recursively.

How to inherit the ACL of parent directory to its child?

To copy the ACL of the parent directory to its child, use the following command

    getfacl . | setfacl -R --set-file=- subdirectory_name

The "getfacl ." gets the ACL of the parent directory and setfacl sets that ACL on its sub-directories. Now for verification, type:

    getfacl subdirectory_name

and also

    getfacl directory_name

If both are the same then the ACL of the sub-directory is the same as the ACL of the parent.

ts (not verified), 22 Feb 2019 - 13:02

The above command:

    getfacl x | setfacl -R –setfile = -y

must read like this to work:

    getfacl x | setfacl -R --setfile=- y

TS (not verified), 22 Feb 2019 - 13:02

Forget about my previous post. This is the correct syntax now

    getfacl x | setfacl -R --set-file=- y

anju rohilla (not verified), 22 Feb 2019 - 13:02

When we run the command like this

    # setfacl -m u:anju:rw- /html

where anju is a user and html is a file in /, then it changes the access for the group, not for the user. Why?
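The verification step of the post (run getfacl on both directories and compare) as an added example that is not part of the original post or its comments. It parses getfacl output, ignores the "# file:" header lines that always differ, and goes slightly beyond the post by applying the mask entry to show each entry's effective rights; the sample outputs are constructed from the listing above, and the function names are hypothetical.

```python
# Constructed getfacl output: directory "x" as listed in the post, plus two copies.
ACL_X = """\
# file: x
# owner:
# group:
user::rwx
user:x:---
user:y:r--
group::r--
mask::rw-
other::---
"""
ACL_Y = ACL_X.replace("# file: x", "# file: y")                   # faithful copy
ACL_Z = ACL_X.replace("# file: x", "# file: z").replace("user:y:r--", "user:y:rwx")


def parse_getfacl(text):
    """Return {(tag, qualifier): perms}, skipping '# ...' headers and comments."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # also drops '#effective:' notes
        if not line:
            continue
        # rsplit keeps 'default:user' together for default entries of directories
        tag, qualifier, perms = line.rsplit(":", 2)
        acl[(tag, qualifier)] = perms
    return acl


def effective_rights(acl):
    """Apply the mask: it caps named users, the owning group and named groups."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, who), perms in acl.items():
        capped = tag == "group" or (tag == "user" and who != "")
        if mask and capped:
            perms = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        result[(tag, who)] = perms
    return result


def same_acl(first, second):
    """True if two getfacl outputs describe the same entries (file names ignored)."""
    return parse_getfacl(first) == parse_getfacl(second)


def acl_diff(first, second):
    """Entries that differ, as {(tag, qualifier): (perms in first, perms in second)}."""
    a, b = parse_getfacl(first), parse_getfacl(second)
    return {key: (a.get(key), b.get(key))
            for key in sorted(set(a) | set(b)) if a.get(key) != b.get(key)}


if __name__ == "__main__":
    print("x == y:", same_acl(ACL_X, ACL_Y))
    print("x vs z:", acl_diff(ACL_X, ACL_Z))
    print("effective for z:", effective_rights(parse_getfacl(ACL_Z)))
```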