Why zdnet readers are such asses
I for one don’t condone going on and bashing an Author, I would love to go and point out, hey why not post the remedy instead of just posting hey this is not a secure app, it’s vulnerable, well here take this for instance:
Five ‘must-secure’ Web app vulnerabilities
http://blogs.zdnet.com/security/?p=3268
Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention.
According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead to the theft of sensitive information and cookie-based authentication credentials. Here’s the top-five list from this past week:
1. Apache Geronimo Application Server
The free, open-source Apache Geronimo Application Server 2.1 through 2.1.3 is prone to multiple remote vulnerabilities.
- Multiple directory traversal vulnerabilities (see advisory)
- A cross-site scripting vulnerability (see advisory)
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability (see advisory)
It’s important to note that attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.
2. SAP cFolders
SAP cFolders is vulnerable to several cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
- SAP Cfolders Multiple Stored XSS Vulnerabilities (Digital Security)
- SAP Cfolders Multiple Linked XSS Vulnerabilities (Digital Security)
- SAP Cfolders Multiple Linked XSS Vulnerabilities ("Digital Security Research Group [DSecRG]")
- SAP Cfolders Multiple Stored XSS Vulnerabilities ("Digital Security Research Group [DSecRG]")
- SAP note 1284360 (SAP)
- SAP note 1292875 (SAP)
3. CS Whois Lookup
CS Whois Lookup is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected software and possibly the computer.
An attacker can exploit this issue using a browser. The following example URI is available.
There are no patches available yet. Contact CS Whois Lookup for information.
4. phpMyAdmin
There is a remote PHP code-injection vulnerability (PMASA-2009-4) affecting phpMyAdmin.
An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
This issue affects phpMyAdmin 3.x (prior to 3.1.3.2). Attackers can exploit this issue via a browser. Patches are available.
5. Novell Teaming
A user-enumeration weakness and multiple cross-site scripting vulnerabilities expose users of Novell Teaming to a range of attack scenarios.
- A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.
- The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
To exploit the cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI. The following example URI is available.
- Multiple Vulnerabilities in Novell Teaming (Bernhard Mueller )
- Novell Teaming username enumeration vulnerability fix (Novell)
- Novell Teaming Cross-Site Scripting Vulnerability fix (Novell)
Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.
As you see above, this guy that works for Kaspersky Lab, great Author and all, still it kind of makes you wonder who you have behind the scenes at these sorts of joints such as Norton and etc…
Well if you read here was my answer:
RE: Five ‘must-secure’ Web app vulnerabilities
The number one golden rule of keeping your whole box secure for this is??? Don’t run it as a privileged user… that’s what useradd is good for.
To note, why post just on five ‘must-secure’ without posting how to secure them? It’s pointless if your end-reader is new to the world of securing their apps, so here for example, how to secure your phpMyAdmin is simple and effective by adding a couple lines in their Apache Module conf file:

order deny,allow
deny from all
allow from 127.0.0.1
allow from 192.168.0.90

All from 192.168.0.90 is a WS here that I’m at writing this reply, and that and localhost to the server are the ONLY ones allowed to use phpMyAdmin; everyone else will be denied.

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Normally by default when installing phpMyAdmin you create an Alias on how it should be called; well, I would make it more secure by changing the name as such:

Alias /fuhaX0rz /usr/share/phpMyAdmin

However it’s totally up to you, on what you want, but the first one of allowing access to the phpMyAdmin area via IP address is ample enough.
Simple 1 minute fix and any haX0r out there can try to run his bot day and night getting to this directory. The rest is simple, a guy has to only go and use google.com to fix the rest. I’m not the author of the blog, but if you post something about security and how to secure the apps, I would highly recommend for the end-user (reader) to have a how-to fix them…
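As an added example (not code from the original post or the ZDNet reply), here is the phpMyAdmin IP restriction from the reply written as a full Directory block that works on both Apache 2.2 and 2.4; the 192.168.0.90 workstation address and the /usr/share/phpMyAdmin path are the ones from the reply, and the alias path is the stock one.

```apache
# Added example: restrict phpMyAdmin to localhost and one workstation.
# Address and path are taken from the reply above; everything else is
# stock Apache configuration.
Alias /phpMyAdmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
    # Apache 2.4: mod_authz_core syntax. Multiple Require lines in a
    # container are OR'd together (RequireAny); everyone else is denied.
    <IfModule mod_authz_core.c>
        Require local
        Require ip 192.168.0.90
    </IfModule>

    # Apache 2.2: the Order/Deny/Allow syntax used in the reply above.
    # Deny first, then allow only localhost (v4 and v6) and the workstation.
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        Allow from ::1
        Allow from 192.168.0.90
    </IfModule>
</Directory>
```

The IfModule split matters because on Apache 2.4 the Order/Deny/Allow directives are only understood when mod_access_compat is loaded; without it Apache refuses to start with an "Invalid command 'Order'" error rather than silently opening the directory.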
Moral of it all is this, don’t post something that has bottom-lines saying “no patches are available”, “patches are available” and etc… I for one don’t care to see this kind of stuff, you just gave 50% away, now give the other 50% to the end-reader and they’ll keep coming back to you. Well all the Authors at zdnet are great people, and one person namely Paula, which is very extraordinary and a well-rounded creature, but you know it’s about the reader-base.
I for one would love to see Authors elaborate more, especially to the end-reader, on what to do to even beef up your security; yes we know this is not a PERFECT world and we will always have haX0rz, crackerz, keygenners and etc… I believe this is why you (as an Author) get such foul-mooded readers (humans) and hate mail. I don’t receive it unless it’s from the IRS or something.
t3h l337 |-|4×02 473 m4h 54|\||)vv1[|-|
So WTF Get ‘r done!