Check if your server is vulnerable to FREAK Attack

FREAK is a new SSL/TLS vulnerability that allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weak encryption, which the attacker can then break to steal or manipulate sensitive data.

Servers:-

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. You can perform a free SSL FREAK check on your HTTPS servers to verify whether they accept weak encryption.

Clients:-

Not all client browsers are vulnerable at the moment; you can keep checking here for updates on whether your Chrome, Firefox, IE or Safari browser is vulnerable. If possible, keep your browsers up to date with the latest version. You can perform a free SSL FREAK check on your client computer to verify whether it accepts weak encryption. You need to click on the 2 links provided on this website; if the page loads, then you are vulnerable!

References:
https://www.smacktls.com/#freak
https://freakattack.com/

 

Review of Web based Password Manager

Web-based password management tools such as Password Vault Manager provide easy and secure management of all your passwords and sensitive information in a centralized location. When you first evaluate these web-based tools, they look like a perfect solution to the core issue of password management in your organization. They provide plenty of features, specifically:

* Centralized storage of your passwords in MS SQL Server / MySQL or any other free database.

* Passwords are encrypted and stored in the database

* Integrate with your Active Directory and apply restrictions

* Web based interface

and so many eye-catching features…

But think about what will happen in a disaster situation: say your password management server crashes all of a sudden. You have lost access to all your passwords! You then need to prepare a database server and restore your database from backup to finally get access to your passwords. Doesn’t that sound hard during a disaster?

Juice Jacking – Free mobile charging stations can steal your data

Are you a frequent traveler in the habit of charging your mobile phone at public mobile charging stations? This article is for you, so read on…

Juice jacking is a way of stealing mobile data via public mobile charging units or stations that provide you with a USB cable to charge your phone. Hackers can hijack such charging stations (or even hide a tiny computer inside) and steal data from the mobile phone that you plugged in just to charge its dying battery. Sometimes they inject malware into your phone to facilitate later exploitation.

These mobile charging stations are available in many public places: malls, airports and conference rooms.

How to protect your data?

All you need to do is prevent USB charging cords in public places from transmitting data.

1. Carry your own power socket charger – the safest and simplest option of all

2. Purchase and carry your own mobile power bank.

3. There are times when you can’t find a power socket; in that case, buy and use a juice-jack defending device (you can see a tiny device plugged into the USB charging station like a connector). These “juice-jack defending devices” prevent data transmission while you are charging your phone via USB.

Where to buy such juice-jack defenders – www.chargedefense.com sells such a device for $15

How to download Hotspot Shield if the anchorfree.com site is blocked in your country

Hotspot Shield lets you establish a secure connection with the click of a button to improve online security. It gives you proxy access to whatever you view on the Internet, i.e., the servers can see only the Hotspot Shield IP address and not your actual IP address.

With Hotspot Shield, you get the following benefits:

  • Protect yourself from identity theft online.
  • Hide your IP address for your privacy online.
  • Access all content privately without censorship; bypass firewalls.
  • Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices.

I have seen that many countries have blocked the Hotspot Shield website www.anchorfree.com and prevent users from downloading it, because otherwise ISPs cannot really trace users by their IP address. Remember that using your IP address, ISPs can track your usage and the websites that you visit. So how can you download it then? You can still download Hotspot Shield at cnet.com. Get it here – http://download.cnet.com/hotspot-shield/.

Disable Weak SSL Ciphers

Many Internet users believe that HTTPS websites are secure and hard to break. This is not the case if the link (channel) established between client and server uses SSL 2.0 or a weak version of SSL. Even though it is difficult to exploit in practice, a hacker can perform man-in-the-middle attacks or decrypt the communication channel between client and server.

Tools to detect the version of SSL supported in the web server:

1. THCSSLCheck – Very simple and easy-to-use Windows tool.

2. SSLDigger – Nice GUI tool; requires Windows .NET Framework.

This link will help you to disable SSL and Weak Ciphers