|
|
 |
Re: FN-FORUM: hack a site
date posted 6th January 2004 17:15
thanks Ema, useful info.
Darren.
----- Original Message -----
From: "Ema" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Tuesday, January 06, 2004 5:18 PM
Subject: Re: FN-FORUM: hack a site
>
> Also, this link might help...
>
> *Keeping The Hackers Away From Your Database*
> http://home.openhosting.co.uk/article.asp?id=30
>
> David Turner wrote:
> > Hacking:
> >
> > If you want to get into this sort of malarky, you could try
> > www.searchlores.org which is deliberately difficult to navigate, but has
> > loads of interesting stuff, if you stick with it. It is not explicitly
about
> > hacking, it sees itself as being about gathering information, so there
are
> > lots of search engines hacks n tips etc. There are links to tools, that
you
> > could use for hacking on this site. www.2600.org is also an interesting
> > website, where you can learn quite a lot of interesting stuff, although
> > again you will need to do your own research to apply it.
> >
> > If you want to jump straight into it, then you could join some script
kiddie
> > IRC channel or other, and say things like gr8 and l8r - I think I am too
old
> > to be a script kiddie now. :-(
> >
> > Is your website secure:
> >
> > Is your login page on a http page? if yes, then the password and
username
> > are transmitted across the internet unencoded. If someone was scanning
for
> > passwords they might trap a valid password/ username combination. There
are
> > script kiddie tools, which you can set up to scan for this on the
internet.
> > You should better to put it on a https page. Same thing for your
sensitive
> > data, is the sensitive data displayed using http? if yes, then it is
being
> > transmitted across the internet for anyone to see.
> >
> > There are numerous password/ username dictionary attacks, which you
could
> > download and try a brute force entry onto your website. Which brings us
> > nicely onto what will undoubtably be the weakest area of your website,
which
> > is... your users. No matter how secure your site is, if they choose
admin
> > and as a username/ password pairing, you are stuffed.
> >
> > I would recommend buying a book about web/ computer security, it is a
> > massive subject.
> >
> > Finally if they want to be completely secure dont connect sensitive data
to
> > the internet. Having said that if you know the risks, it is usually
worth
> > it.
>
> Happy New Year :-)
>
> Em
> --
> http://www.webdesign-newcastle.co.uk/ ~ local internet resources
> http://www.giglistings.co.uk/ ~ north east music
>
>
> --
> ** Get all the Freelance Work you Can Handle *
> The Web Design Business Kit will show you proven tactics
> and strategies for marketing your business, winning bids,
> managing projects and pricing your work. Free Shipping Worldwide.
> Read more & get free chapters at:
http://www.sitepoint.com/launch/b7c91e/3/4
>
> To advertise here: http://www.freelancers.net/advertising.html
>
> |
|
|
