Disable Weak SSL Ciphers

Many Internet users believe that https websites are secure and hard to break. This is not the case if the link (channel) established between client and server uses SSL 2.0 or another weak version of SSL. Even though it is difficult to exploit in practice, an attacker can perform man-in-the-middle attacks or decrypt the communication channel between client and server.

Tools to detect the versions of SSL supported by the web server:

1. THCSSLCheck: a very simple and easy to use Windows tool.

2. SSLDigger: a nice GUI tool; requires the Windows .NET Framework.

This link will help you to disable SSL 2.0 and weak ciphers on the server.
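The scanners above report which protocol versions and cipher suites a server accepts. As an added example (not code from the original post), the script below uses Python's standard ssl module to build a server-side TLS context that refuses SSL 2.0/3.0 and TLS 1.0/1.1 and offers only forward-secret AEAD suites, then audits the context for the weak suite families the post warns about; the marker list and cipher string are my own choices, not a policy from the post.

```python
"""Added example: hardened server TLS context plus a weak-cipher audit."""
import ssl

# Substrings in OpenSSL cipher-suite names that mark suites to refuse.
# Constructed illustration of common weak families, not an exhaustive policy.
WEAK_MARKERS = ("NULL", "EXPORT", "EXP-", "RC4", "RC2", "DES", "MD5", "ADH", "AECDH")

# OpenSSL cipher string: ECDHE key exchange with AEAD ciphers only,
# explicitly excluding anonymous, NULL, MD5, RC4, DES/3DES and export suites.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!DES:!3DES:!EXPORT"


def is_weak(cipher_name):
    """Return True if the OpenSSL cipher-suite name carries a weak marker."""
    upper = cipher_name.upper()
    return any(marker in upper for marker in WEAK_MARKERS)


def hardened_context():
    """Server context that rejects SSLv2/SSLv3/TLS1.0/TLS1.1 and weak suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Protocol floor: anything older than TLS 1.2 is refused at the handshake.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHERS)
    return ctx


def audit(ctx):
    """Summarise what a context would negotiate: protocol floor and weak suites."""
    offered = [c["name"] for c in ctx.get_ciphers()]
    return {
        "minimum_version": ctx.minimum_version.name,
        "offered": offered,
        "weak": [name for name in offered if is_weak(name)],
    }


if __name__ == "__main__":
    report = audit(hardened_context())
    print("protocol floor:", report["minimum_version"])
    print("suites offered:", len(report["offered"]))
    print("weak suites offered:", report["weak"] or "none")
```

The same is_weak check can be run over the suite names printed by THCSSLCheck or SSLDigger to triage a scan of a server you administer.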

K9 Web Protection – Free Internet Filtering Solution

K9 Web Protection is a free Internet filtering and control solution for the home. K9 puts YOU in control of the Internet so you can protect your kids. More details about K9 Web Protection are described here.

Download link: K9 Web Protection

We have discussed in separate threads how to configure and set up this web protection.

Enable right click option in disabled websites

One of the security guidelines that developers follow today is to disable right-click on websites requiring a high level of security. Many websites use this trick to disable right-click. This add-on adds an icon to your status bar which, when clicked, restores the features that the site's JavaScript disabled.

How to use?

  • Download and Install Firefox
  • Download and Install RightToClick Add-on
  • Once the add-on is installed, you will find an arrow icon in the status bar of the Firefox browser.
  • If you want to enable the right-click option on a website that has disabled it, click the arrow icon. Right-click will be enabled shortly afterwards.

Test Results:
I tested this add-on with two of my regular websites, one coded by my friend and another a well known bank website. Both websites have disabled the right-click option, but using this add-on I was able to bypass it and got access to the source code. Cool stuff!

Find Stolen Images with TinEye Image Search

TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks. For some real TinEye search examples, check out their Cool Searches page.

If you want to find out whether your copyright-protected image has been stolen and is being used on other websites, this is really going to work out for you. Really fantastic! I was so amazed when I did testing with some random images from my collection. See sample test results below.

The image below was found in 6 locations. TinEye also provides the exact path of each location where the same image can be found. A great tool for auditors checking for copyright violations.

Protection of Web Servers from Google Hackers?

Google Hacking is “a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.” The following query will locate all websites that have the words “admbook” and “version” in the title of the page. It also checks that the page being accessed is a PHP page.

intitle:admbook intitle:version filetype:php

This is how Wikipedia defines Google Hacking. Google provides many advanced search operators, such as intitle and “index of”, to speed up our searches, but at the same time organizations are worried about private content on their web servers being exposed through Google Hacking. Read here for more Google Hacking tips.

So how do you protect web servers from Google hackers?
Tips:

1. Include robots.txt in the web directory.
Create a file on the server that tells Google's crawlers which parts of the website they may crawl (it is a request honoured by well-behaved crawlers, not an access control). A simple robots file is already discussed here: Prevent Google Robots using robots.txt file

2. Do not keep confidential documents on the web server.
Web masters must ensure that no confidential documents are placed on web servers. Frequent auditing of web server contents helps to prevent Google Hacking.

3. Audit your web server the way a Google hacker would.
Using Google's search operators, you can audit your own web server and gauge the level of its security. Automated tools such as SiteDigger and Gooscan are also available to run these tests and speed up your work.