What’s Evercookie? Mitigation techniques included.

H3LL0, “C is for Cookie. That’s good enough for me. Cookie, cookie, cookie starts with C” sings the Cookie Monster from Sesame Street. Let’s imagine the Cookie Monster started learning hacking techniques and then found a way to make a cookie very durable and persistent. So after he ate a cookie: surprise! It’s come back again!…

What are the Top 10 Web Hacking Techniques in 2010?

H3LL0, Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blogs, magazine articles, mailing lists, wikis, and many other places. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE…

Do you know how many Data Breaches were tracked since 2005 in the U.S.?

Hello, 2011 was a significant year for data security, with some of the biggest data breaches in our history reported. So far in 2011, Privacy Rights Clearinghouse tracked 535 breaches involving 30.4 million sensitive records. This brings the total reported records breached in the U.S. since 2005 to the alarming number of 543 million. See the…

Defending Against Cross-Site Scripting Attacks (Defending Against XSS)

Hello dear readers, Published reports’ statistics show “Cross-Site Scripting Attacks (XSS Attacks)” as the number one attack for exploited vulnerabilities on Web sites. Are you aware of how to mitigate it? Is there a silver bullet for that? An old song* from the 80’s gives us a clue: (Replace “house” with “Web site”) “It’s build a…

TechEd Brazil 2011 – Quick Session: Microsoft Free Tools to help in diagnostics and troubleshooting (Part 2) ADTD ADMAP

(Active Directory Topology Diagrammer – ADTD) Hello, At my quick session delivered at TechEd Brazil 2011 last September I demonstrated how to use the Active Directory Topology Diagrammer (ADTD) tool, aka ADMap. The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using LDAP, and then automatically generates a Visio diagram of your Active Directory and…

Lync – Conversation Translator

Lync Conversation Translator: Download Conversation Translator. Conversation Translator provides a real-time language translation service for Lync instant messaging (IM) conversations. You can download it from this link: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26136 With Conversation Translator, both the sender and receiver can converse in their native language, and Conversation Translator handles the translation. Powered by the Microsoft Translator…

Duqu – is a ‘son of Stuxnet’?

A research lab has discovered on computers in Europe a worm very similar to Stuxnet, according to a blog posted Tuesday by the IT security provider Symantec. Researchers at the lab, which Symantec did not identify, named the new worm Duqu [dyü-kyü] because it creates files with the file-name prefix ~DQ. It shares a great deal…

Keeping your Mailboxes’ storage Capacity Planning under control

Hello, It’s very common to find mailboxes without a size limit during a Risk Assessment for messaging environments using Exchange Server. In general such a situation can put your Mailboxes’ storage Capacity Planning at risk. Why? Because you cannot control what you do not measure. Do you agree? Thus it’s a very good practice to regularly verify how many…

TechEd Brazil 2011 – Quick Session: Microsoft Free Tools to help in diagnostics and troubleshooting (Part 1)

Hello, I delivered a quick session last week at TechEd Brazil 2011. During the presentation I promised to publish a link for the participants to get access to a PowerShell Daily Operations script for Exchange 2007/2010. As you know, Microsoft does not provide support for scripts, so any change or something is up to you. I…
