Geeks With Blogs
Rishi Pande Me, Myself and my obsessions April 2006 Entries
Localstart.asp is a default page on IIS installations. This page is protected by IIS using basic authentication. The problem with this is that if I am able to bruteforce the password, I know the password for the admin on the local box. This can be very bad since the attacker now knows the admin's password. If the box enables any network services, this is almost fatal. Even if this particular box does not have any network services, the attacker has an idea of how the admins is making up passwords. ......

Posted On Sunday, April 9, 2006 1:38 PM

SSL certificates and poor implementations
We all know what a SSL cert is, right? Well then why are most certs so poorly implemented? I think the problem lies with most system administrators getting the cert at the last minute (when users report seeing an expired cert on the site) and sticking it in. Often though, several weak ciphers are allowed. I assume that everything below 128 bit encryption is a weak cipher (and hopfully you do too) Anyways, here are a few tools to check how the SSL encryption of your site looks to hackers: ServerSniff ......

Posted On Monday, April 3, 2006 9:47 AM

Copyright © Rishi Pande | Powered by: