Stress-Test Your Web Site. This $250 Tool Is Free From Today

German company Paessler is probably best known for PRTG, its tool that helps you monitor your computers and network. Until today, the company also sold a product called Web Stress Tool, which can simulate multiple users from a single PC in order to help you discover how well your web site responds to heavy usage.

 

Now, though, the company has decided that it wants to focus its business efforts on PRTG, and has therefore made the web stress tool freeware. The product used to start "from $250", according to Paessler’s web site, so this move to freeware represents a bargain for anyone who runs a web site and wants to check that it works efficiently.

 


Hacking PayPal Account with Just a Click

The popular eBay-owned digital payment and money transfer service PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control of a user's PayPal account with just a click, affecting more than 156 million PayPal users.

 

An Egyptian security researcher, Yasser H. Ali, has discovered three critical vulnerabilities in PayPal.

 


Heartbleed Bug – Don’t trust the “HTTPS”

You have always been told to look for the lock symbol on any website: the lock indicates that a) you can trust that the website is who it says it is, and b) any data you exchange with the website will be encrypted and no one else can read it. For example, when you log in to your bank account, the lock gives you the assurance that no hacker on the internet can read your password and that you are indeed logging on to your bank’s website and not a bogus pretender bank website.

Though these things are true, a bug has recently been discovered in software called OpenSSL. For websites that use the particular versions of OpenSSL that are affected, this bug can mean that both of the above assertions may not be true. The bug enables a malicious hacker on the internet, with no knowledge of any password related to a site running a vulnerable OpenSSL, to a) possibly read any encrypted data that is flowing between the site and its users and b) use this knowledge of encrypted data, specifically private keys, to impersonate the affected website.

The malicious user can do all of the above because the so-called “Heartbleed Bug” allows a malicious user to read a portion of the website's memory. This memory will contain, at various points in time, private keys, passwords and other sensitive information which the malicious user can steal for further hacking.

It appears that the bug has been out in the open for more than 2 years and a public announcement regarding the bug was made last week – sending security professionals into a tizzy.

According to Netcraft, over half a million websites continue to be affected by this vulnerability. A fairly recent list of affected websites is available on GitHub and includes popular websites like yahoo.com. Ironically, it appears as if the website of openssl.org itself is vulnerable.

Websites that use a vulnerable version of OpenSSL would do well to move to a version that is patched.

Secure your network – Pitfalls to be avoided

We have all seen lists upon lists of “How to secure your network”. We have grown immune to these well-meaning rants, just as a teenager blocks out his parents’ “lectures” (no parent would call it a “lecture”, while all kids will insist it is a “lecture, a boring one at that”). So, we decided to put on our thinking caps, after vigorously dusting them, and tried to come up with a list of pitfalls to avoid that will, hopefully, not be relegated to the annals of lecture fiefdom.