> Security Not Safe
alexviii
post Aug 5 2006, 11:23 AM
Post #1


Member [Level 1]
****

Group: Members
Posts: 70
Joined: 5-August 06
From: Rome (born only)
Member No.: 27,852



Hi everyone!!!!!!!



This is the last one!!


Ok guys, I heard somewhere that if we protect some page with a password, it is still not safe at all if we don't have a secure connection (https://...)
How is it true? Is there a possibility that someone can see a page, even if it is protected by a password?
(the script in the page doesn't allow IDs that didn't pass from the login page)

Is that script sufficient?

Thanks a lot to everyone



rvalkass
post Aug 5 2006, 06:38 PM
Post #2


apt-get moo
Group Icon

Group: [MODERATOR]
Posts: 2,055
Joined: 28-May 05
From: Hertfordshire, England
Member No.: 7,593
Spam Patrol



It entirely depends on what methods you are using to protect the page. For example, using JavaScript to password-protect a page can usually be beaten by disabling JS, or just guessing the URL of the page it'll take you to. Passwords created with .htpasswd files are more secure, but they can be beaten with brute force, which is the main problem with any password. No matter how secure the encryption is (another factor), or how good your code is, any password can be broken with guesswork, which is why you are advised to use passwords like tRaP17!"£rUlEs as they can't be beaten with a dictionary.

Where you have a script that passes an ID from the login page, normally called a session, it is possible to fake the session or cookies if they are used. You have to know how the code works, what variables are used etc, but they can be beaten. HTTPS simply uses a non-standard port and adds an extra layer of encryption to the data. It can help with passwords and credit card information, but if you've already guessed a password, it's no more secure at all.
masterio
post Aug 25 2006, 09:31 AM
Post #3


Member [Level 1]
****

Group: Members
Posts: 50
Joined: 25-August 06
Member No.: 28,897



I very much agree with rvalkass.

For a page that is password protected using .htaccess, it's better to make a long-character password, e.g. using an md5 or sha algorithm. It may still be cracked by brute force, but the cracker may drink 1000 glasses of coffee until the process is done.

Also, someone can easily monitor your traffic packets using a packet sniffer. All your passwords or whatever is being transmitted can be captured using this tool. That is why SSL is so important when dealing with transactions. If the packets are sent using an SSL connection, all the packets are hidden and cannot be captured by packet sniffer software!

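To make the thread's point concrete, here is an added example (not code from any of the posts) that lists what is readable in a single request to a password-protected page sent over plain http://. The request, host name, credentials and the `PHPSESSID` cookie value are constructed sample data; over https:// the same headers travel inside the encrypted channel.

```python
import base64

# Constructed sample: one request for an .htpasswd-protected page over http://.
# User name, password, host and session value are made up for this example.
_token = base64.b64encode(b"alex:correct-horse-17!").decode("ascii")
SAMPLE_REQUEST = (
    "GET /members/index.php HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    f"Authorization: Basic {_token}\r\n"
    "Cookie: PHPSESSID=4f2a9c0d1e7b; theme=dark\r\n"
    "\r\n"
)


def exposed_secrets(raw_request):
    """Return the credentials and session IDs readable in a plaintext request."""
    findings = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            # Basic auth is base64 encoding, not encryption: no key is involved,
            # and the browser resends this header on every request.
            try:
                decoded = base64.b64decode(value[6:], validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # malformed header, nothing to report
            user, _, password = decoded.partition(":")
            findings["basic_auth"] = (user, password)
        elif name == "cookie":
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                # A session ID is a bearer token: whoever holds it is "logged in".
                if "sess" in key.lower():
                    findings.setdefault("session_ids", {})[key] = val
    return findings


if __name__ == "__main__":
    print(exposed_secrets(SAMPLE_REQUEST))
```

The password strength does not matter here: a long random password is read from the plaintext request just as easily as a short one, which is why the login script alone is not sufficient without HTTPS.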
