Happy FOSS

Opensource, Technology, Programming & Computer Science

Security by obscurity

I have a long list of username and passwords for various websites.
I cannot remember all, sometimes i have to reset the password.
Writing down the passwords in clear text is against my wish.
But i dont mind keeping the passwords in cypher text lol
The technique i am employing is security by obscurity.
I am not going to leak out the encryption technique i am using to anyone.
This is currently a quick solution i can think of !
Will do cypher text analysis, gain knowlege by reading more and hopefully develop some better solution in future 🙂
For now happy that i have offloaded all username and passwords from my mind to a file and got it encrypted too 🙂
I can disclose that the language that i used to develop my encryption tool is C 😉

August 21, 2010 Posted by | Security | , | Leave a comment

ICICI Bank Payment Gateway Exception Details

Click the below link to view it.

ICICI Payment Gateway Exception

With the above details we can conclude or rather its obvious that Infosys’s Finacle uses

1. IBM WebSphere

2. Custom Servlet

The exception stack trace was exposed perhaps because of poor exception handling.

February 22, 2009 Posted by | Internet, Programming, Security | 1 Comment

Securing Wireless Access Point

In order to be safe from malicious people who misuse the wireless networks, it is mandatory to secure the Wireless Access Point(WAP).

The following configurations has to be performed on the WAP

1. Change the default admin user’s password to a strong password and keep it secret.

2. Enable WPA key for connecting to the wireless network.

3. Enable MAC filter. MAC refers to a unique address of the wireless cards of desktops/laptops/other devices that can connect to the wireless network. Thus even if someone comes to know a WPA key. They will not be able to connect to the wireless network because their MAC address is not listed in the allowed MAC list configured in the wireless access point

4. Use OpenDNS IP address for DNS servers, if the WAP acts as a DHCP server for the wireless network.

5. WAP has firewall builtin. Set the firewall rules appropriately so that it allows only certain services running on the WAP/ within the wireless network to be exposed and thus only those ports are open.

6. Take a backup of the configuration you have done on the WAP. This will be helpful if you lose the settings of the WAP because of reseting or accidental modification. In such cases you can apply the backed up configuration.

If you are ignorant about configuring the WAP, please get it done by some one who can do it.
Stay safe and secure.

October 19, 2008 Posted by | Internet, Networking, Security | , , | Leave a comment

Yahoo Messenger vulnerability

I got a message from my friend on yahoo messenger containing the following ftp url of an exe file ftp://tlpoeil:yahoogoogle@ftp.members.lycos.co.uk/selfextract.exe

Please beware about downloading that exe file as it could be malicious.

Someone can disassemble it and find out whats in it

jun 17 2008:

As i am getting lot of hits for this topic, and i myself got such links from my yahoo network friends.

I guess the vulnerability in yahoo messenger has not been fixed.

This vulnerability of yahoo messenger could be exploited, so beware of exe spreading across yahoo messenger that is sent without the knowledge of the person from whom you got it. It could be malicious.

March 27, 2008 Posted by | Security | , , | 13 Comments

GPG

Today Ashok, a friend who caught me online through this blog of mine, experimented with a encrypted mail conversation.

I have been signing mails.But honestly the first time i tried encryption today.I abandoned evolution, so i had to depend on FireGPG plugin for my IceWeasel to do the encryption for me.

Backed up my keys and the revocation certificates.

February 24, 2008 Posted by | Internet, Linux, Security, Software | , , | 2 Comments