
Security


OWASP Download. The OWASP Download category should be used to mark any page that has a significant download available. The download should be clearly marked and described near the top of the page. Our old download center is located at SourceForge. Many of our documents and tools are still available there. Important Note: Many OWASP projects have not included the OWASP Download tag in their pages, so they are not listed here. Please add the tag to any page that contains a download to get it listed. How to add a new OWASP Download article: You can follow the instructions to make a new OWASP Download article. [[Category:OWASP Download]] Subcategories: This category has the following 63 subcategories, out of 63 total. Pages in category "OWASP Download": The following 68 pages are in this category, out of 68 total.

Go malware hunting on your server. If your fear is having a vulnerability on your server that lets some nasty attacker or script slip in and plant malicious code capable of serving malware to your visitors, I have just what you need.

It's called iScanner, and it is a small Linux/Unix program that can scan a file, a directory or a remote site and detect malicious code in your pages. iFrames, JavaScript, VBScript, ActiveX objects, more-than-suspicious PHP and certain known malware... iScanner will recognize the trick ;-) The icing on the cake is that it will also clean your code if it is infected (I still recommend making a backup first, you never know), all of it automatically. The malware definition database is completely open and editable, so if you come across specialties prepared just for you, you can add them too.

Les Tutos de Nico. Black Hole Clears Out Sensitive Information on Your Mac with Ease. HTTPS Everywhere Updates with More Protection Against Firesheep. Enhance Your Security This Weekend. Thanks for the tips, however, based on the comments, I just have a few things to say: 1) I don't think deleting your account would actually be of any help, unless you won't be commenting in any Gawker site in the near future. The breach has happened, and I doubt it will happen again anytime soon. 2) There isn't much here of a threat other than your own fault for using simple passwords that can easily be brute-forced from their encrypted database. 3) Although the recent breach has created this doubt with Gawker, I am still continuing to read from their site (especially Lifehacker) and continue to comment, since I think they're awesome like that.

(my opinion, and you have yours) 4) If you are indeed compromised by using a weak password, it is your fault, and your responsibility to secure your other accounts, and why would you use weak passwords anyways? Secure Your Online Life the Easy Way. HTTPS Everywhere. HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.

Information about how to access the project's Git repository and get involved in development is here. HTTPS Everywhere now uses the DuckDuckGo Smarter Encryption dataset, to enable even greater coverage and protection for our users. Original announcement can be found here: Further technical details on how we utilize Smarter Encryption: How to Secure and Encrypt Your Web Browsing on Public Networks (with Hamachi and Privoxy) A VPN tool like Hamachi's good for games, which usually don't support proxies, but for web browsing encryption, an SSH tunnel with AES256 encryption and public key authentication is superior, not only in terms of security, but in portability and "less bulky" software.

In order to configure a VPN connection, you need Administrator privileges on Windows computers, plus you have to install software. With an SSH connection, all you need is a SOCKS server+SSH client blend (which does not require administrator privileges, though some applications need them for various reasons. PuTTY does not.), then point your web browser's proxy settings to localhost, and Voila! Done. OpenSSH is the way to go for Mac/Linux users, and can be used on Windows, but it has to be through Cygwin (which I personally find extremely annoying to use/setup (cygwin)).