Archive for the tag 'security'

 

 

Feb 28 2021

Change Procedure/Function Security Type and DEFINER

Published by under Mysql

Mysql procedures and functions security type is set as DEFINER which is the default value, as described in the “Create Procedure and create function chapter” on mysql.com.Why one needs to be cautious? Anyone with EXECUTE privilege can run the procedure or function with the DEFINER permissions. This might not be what you want. An error […]

No responses yet

May 29 2017

Determine OS within FTP Session

Published by under Networking

The “QUOTE” FTP keyword is essential to allow a user to run system-specific commands on servers (eg SITE or ALLO)   Most FTP clients send a NOOP – that actually is a dummy packet – to keep the connection up ftp> quote noop 200 NOOP ok.   QUOTE SYST returns the Operating System the FTP […]

No responses yet

Apr 06 2017

Windows Managed Service Accounts

Published by under Windows

Managed service accounts appeared with Windows 2008 R2 Server. MSA provide a dedicated account for each service without the hassle of managing password assignment or reset; less management, more security. However, an account can only be used on one server.   Setting up a service account is done in 2 steps: Create it on the […]

No responses yet

Aug 09 2009

How to crack a WEP key and decrypt live traffic

Published by under Linux,Security

Cracking a WEP key is extremely easy and is a matter of a few seconds. Truth? Pretty much… We are going to decrypt traffic in real time as well without even needing to connect to the wireless access point. All steps will be run under root super-user as interfaces state needs to be changed.  To Start […]

One response so far

Jun 11 2007

Mysql Traffic Encryption with OpenSSL

Published by under Freeradius,Mysql

This is related to Freeradius software but can be applied to any application that needs to encrypt Mysql traffic. Freeradius is compliant to Radius protocol characteristics, which give ability to accomplish various actions, such as authenticate users. Number of caveats have been found, not related to the software but to the protocol. Joshua Hill from […]

No responses yet