
Mar 4, 2012

Expert on Recovery After an Iframe Injection Attack

Seeing that a lot of websites are plagued with Iframe Injection vulnerabilities, independent security researcher Shadab Siddiqui put together an advisory to help website administrators recover their websites after such a security hole has been exploited. He also listed some safety measures that must be implemented in order to avoid such incidents.

The first step in recovering a website after an Iframe Injection attack is to shut it down completely during the cleansing process. This must be done to ensure that the malicious elements that may have been injected are not spread to the computers of unsuspecting visitors.

According to Siddiqui, the next step is to change all the passwords.

“Although this may seem like a simple step, many people, including myself, often fail to change all the passwords immediately after an attack has been discovered,” he told us. 

“You need to change all the passwords associated with the website, which include FTP passwords, SSH passwords, account passwords, database passwords, admin passwords and so on.”

Further on, administrators should make a copy of the damaged website on which they can perform further analysis. 

While it’s not recommended to keep the infected files on the server, they might come in handy later in case it may be necessary to refer to the injection source code, which is why a compressed copy should be stored in quarantine. 

The fourth step is a highly important one since it refers to the backup process that admins need to perform periodically to make sure that they always have a clean copy of the website.

“Do not rely on your hosting provider for a backup copy of your site. Many hosting providers say they do an automatic backup every night, however, it is more reliable if you have other backup solutions for your website,” he explained. 

“Scan your backup copy with Anti-Virus software like ZoneAlarm or Trend Micro before uploading to the web server to ensure that the backup copy is free from viruses and Trojan horses.”

After the site has been restored from a clean backup copy, it must be checked. If all tests are passed, it can be reopened to the public.

“In order to ensure that the same attack does not happen again, you will need to do a full analysis of the attack and its origin. Was it because of a security hole in your application? Was it caused by a weak file permission?”

“Or is your server affected with some virus that injects this code into your website at regular intervals? You will need to understand how it happens in order to prevent it in the future. And when necessary, obtain expert advice,” Siddiqui added.

The expert believes that the final step is implementing security measures based on the analysis of the attack. New security restrictions, upgrading all the applications that power the site, securing the web servers, these are all measures that can prevent future attacks.

In the end, let’s hear some basic advice on what must be done to secure a site against Iframe Injection attacks:

I have encountered and recovered quite a few websites that had been attacked by malicious iframe exploits in recent years and the common causes seem to be as follows:

  • The website is hosted on a cheap web hosting service;
  • The website is using an old version of an open source application (eg: WordPress ) which has known security issues;
  • File permissions on the server are not set accordingly (eg: every file and folder on the server is set to 777 read-write-execute);
  • Weakness in an application code. For example, there is not sufficient input validation;
  • FTP rather than SFTP is used;
  • There is no IP restriction for SSH and FTP accounts.
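An added example (not part of Siddiqui's advisory or the original post) of a check for the analysis step and the 777 item above: it scans a quarantined copy of a site for hidden iframes that load from hosts other than your own and for world-writable files. The host names, file names and sample tree are constructed, and the hidden-iframe heuristic is an assumption that will not catch script-obfuscated injections.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlparse

# Heuristic (assumption): an injected iframe is external AND visually hidden.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SCANNED_EXT = {".html", ".htm", ".php", ".js", ".tpl", ".inc"}

def parse_attrs(tag):
    """Return the tag's attributes as a dict with lower-cased names."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def is_suspicious_iframe(tag, own_hosts):
    attrs = parse_attrs(tag)
    host = (urlparse(attrs.get("src", "")).hostname or "").lower()
    external = bool(host) and host not in own_hosts   # relative src has no host
    tiny = any(attrs.get(k, "").strip().rstrip("px") in {"0", "1"}
               for k in ("width", "height"))
    hidden = tiny or bool(HIDDEN_STYLE_RE.search(attrs.get("style", "")))
    return external and hidden

def scan_site_copy(root, own_hosts):
    """Walk a quarantined copy; return sorted (kind, relative path, detail)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # never follow links out of the quarantine copy
            if mode & stat.S_IWOTH:  # the "everything is 777" cause
                findings.append(("world-writable", rel, oct(stat.S_IMODE(mode))))
            if stat.S_ISREG(mode) and os.path.splitext(name)[1].lower() in SCANNED_EXT:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for tag in IFRAME_RE.findall(line):
                            if is_suspicious_iframe(tag, own_hosts):
                                findings.append(("hidden-iframe", rel, lineno))
    return sorted(findings)

def run_constructed_demo():
    """Build a small constructed site copy and scan it."""
    pages = {  # constructed sample content, not taken from a real incident
        "index.php": ('<html><body>Welcome\n<iframe src="http://malicious.invalid/in.php"'
                      ' width="1" height="1" style="visibility:hidden"></iframe>\n'),
        "about.html": '<iframe src="/map.html" width="600" height="400"></iframe>\n',
        "video.html": '<iframe src="https://www.example.com/embed/1" width="0"></iframe>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            path = os.path.join(root, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, 0o777 if name == "index.php" else 0o644)
        return scan_site_copy(root, own_hosts={"www.example.com"})

if __name__ == "__main__":
    for finding in run_constructed_demo():
        print(finding)
```

Run it against the compressed quarantine copy after unpacking it somewhere non-web-accessible, passing the site's own host names as `own_hosts`.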

Apple Begins iOS 6.0 Testing

Server log entries identified as coming from Apple’s Cupertino campus in California indicate that iOS 6.0 testing is underway using iPad tablet computers and an unreleased version of WebKit, the layout engine designed to allow iTunes and Apple’s Safari web browser to render web pages.

While looking at iPad user agents coming from Apple's corporate IP block in Cupertino, California, Ars Technica recently discovered that Apple was accessing the Internet from iPads running iOS 6.0. Or so say the web logs highlighted in yellow in the screenshot.

Looking at the bigger picture, we can see that Apple is testing how the web displays on iPads running iOS 5, iOS 5.0.1 (the current version available to the general population), iOS 5.1 (the beta OS currently being tested by Apple developers worldwide), and, finally, iOS 6.

The iOS 6 test machines also appear to be using a newer version of WebKit - build 535.8.

With the iPad 3 on its way next week, and Apple putting the finishing touches on iOS 5.1 GM builds, we can safely assume that the iOS 6 unveiling will be reserved for the iPhone 5 launch later on this year.

There has been much debate as to whether the next iPhone will be confirmed at the next annual Worldwide Developers Conference (WWDC 12) this summer, or later, in fall - just like the iPhone 4S.

Sources quoted by Japanese blog Macotakara, whose reporting on Apple rumors has been somewhat accurate lately, said “[the] next iPhone will be released in September or October.” Moreover, the sources said in February, Apple plans to keep this cycle “for years.”

Apple was already believed to have shifted the iPhone refresh cycle to fall, due to its delayed iPhone refresh last year.

iPad 3 Will Start at $499 for the Base Configuration - Report

Apple is not planning a price spike for the next generation iPad, according to one report coming from a reputable source, despite rumors that the iPad 3 might be pricier by as much as $80.

Sources familiar with Apple’s plans with the iPad 3 lineup are telling 9to5mac that the pricing will be identical to that of the iPad 2, a move that replicates Apple’s pricing scheme from last year.

There shouldn’t have been any concern that the iPad 3 would cost more. However, a person from China claiming to have inside knowledge kicked off a rumor this week saying that the iPad 3 would see a price spike of about $70-$80 in the United States.

It still remains to be confirmed exactly what Apple will charge for the next iPad, but it’s very unlikely that it will cost more.

Novero Releases Dual-OS Laptop-Tablet with Flip-Rotate Screen

If anyone was wondering where all the hybrid tablets had gone, they are still right here in our midst, as Novero all too eagerly proved during MWC 2012.

The company created the Solana laptop-tablet hybrid device, which uses a flip-rotating screen to switch from slate to notebook form factors, and vice versa.

In much the same manner, the newcomer can choose which of its two operating systems to use at any given time.

One of them is Google's Android 2.3.7, while the other is Microsoft's Windows 7 (Windows 8 is supported as well).

“By introducing Solana we have marked the next milestone in offering intelligent and affordable, multi-feature products which perfectly match today's professional consumer needs,” said Razvan Olosu, CEO, at novero. 

“The idea to merge a laptop and a tablet as such is not ground breaking at all. However, the way we have designed Solana's body and brain, combining two of the most widely used operating systems, Windows and Android, and addressing the needs of the mobile business community to carry a single device for both productivity and entertainment is unique and outstanding.”

Spec-wise, the newcomer uses a dual-core Intel Atom N2600 Cedar Trail processor, 3.5G broadband support, a 32 GB-128 GB SSD, a microSD card slot, a 10-inch LCD and 2 GB of DDR3 RAM.

The price is 550 Euro in Europe and around $699 in the US.

“I am proud that the esprit and the extraordinary capabilities of Solana do mirror the teamwork and brainpower of our development and design teams in Canada, Germany and Denmark,” the CEO stated.

“That we have our finger on the pulse of the time has already been confirmed by the great feedback we received from developers and other experts who already could experience the look and feel of Solana's first prototype at the Intel Developer Forum 2011. Now we are ready to launch Solana, and offer everybody more for less with the freedom to smoothly flip between work and fun, between laptop and tablet mode, and between Windows and Android applications."

CyanogenMod 9 Nightlies Released for Galaxy S II

Owners of Samsung Galaxy S II smartphones can now download and install on their handsets nightlies of CyanogenMod 9. 

Recently, the CyanogenMod team announced the availability of CyanogenMod 9 nightlies for three other devices, namely Galaxy Nexus, Nexus S and Motorola Xoom.

Today, these nightly builds are available for Samsung’s flagship device, as well as for the Asus Eee Pad Transformer TF101 and Transformer Prime TF201 tablets. 

Through CyanogenMod builds, users can enjoy a series of customization options that are not usually available on the Android platform. The latest version of these custom ROMs is based on the new Android 4.0 Ice Cream Sandwich operating system. 

The team behind CyanogenMod ROMs has been working on the development of CM9 for the past several months, and is expected to release the final flavor of the software soon.

Alleged Benchmarking Result for Galaxy S III Emerges

Soon, South Korean mobile phone maker Samsung Electronics will bring to the market the successor of its high-end Galaxy S II smartphone. 

The vendor already confirmed plans for this, and announced that it will launch the phone before mid-2012, but has yet to deliver any other details on the matter. 

Before official info on the upcoming device becomes available, however, it appears that the first benchmark of it emerged online.

On the GLBenchmark website, we can access the testing results for a Samsung smartphone that features the model number GT-I9300.

The handset is listed as featuring a 1196 x 720 pixels resolution, which suggests that it could sport a button-less design similar to the one available on Galaxy Nexus. 

This means that the mobile phone might not arrive on shelves with the 1080p full HD screen that it was previously rumored to sport. 

The phone is also listed with a 1.4GHz processor, which might be quad-core, though that information is missing from the website. It should be an Exynos 4 CPU from Samsung, featuring a Mali 400 MP GPU (the same as Galaxy S II, Pocketnow adds).

On the said website, we can see the results for the GLBenchmark 2.1 Egypt Standard benchmarking test, in which the handset scored 6584 frames (58.3fps). The handset runs under the Android 4.0.3 Ice Cream Sandwich operating system. 

The upcoming Galaxy S III smartphone is expected to deliver a performance above that of its predecessor, although it will have a larger, higher resolution screen. 

Some of the latest rumors on this mobile phone suggested that it could arrive on the market with a 4.8-inch screen and that it would include an 8-megapixel photo snapper on the back. 

Moreover, the phone is said to be slated for an April release (Samsung might aim at having it available in a multitude of markets at the same time). Stay tuned for more on this.

Gigabyte's GA-Z77X-UD3H and GA-Z77X-UD5H Motherboards

We've seen Gigabyte's G1.Sniper M3 microATX motherboard and now we are looking at two other products designed to support Intel's upcoming Ivy Bridge central processing units (CPUs). 

The two boards that aren't intended for gamers are based on the Z77 chipset and called GA-Z77X-UD3H and GA-Z77X-UD5H. Unfortunately, the exact prices have yet to be disclosed.

The former has four SATA 3.0 Gbps ports and two SATA 6.0 Gbps ports, plus three more of the latter via two Marvell controllers. 

An mSATA is available as well, along with headers for USB 2.0 (4 ports), FireWire and USB 3.0 (six ports, enabled by VLI USB 3.0 hubs).

There are 16 lanes of bandwidth shared between two PCI Express 3.0 x16 slots, while a third x16 slot is connected to the chipset via a PCI Express 2.0 x4 interface. 

Overclocking features are available as well (voltage measuring points, a SATA-style power connector for extra power to the PCI Express slots, etc.).

Furthermore, the rear I/O boasts two USB 2.0 ports, four USB 3.0 ports, FireWire (one), dual Gigabit Ethernet, eSATA, 7.1 channel audio with optical S/PDIF and DisplayPort, HDMI, DVI and D-sub connectors. 

The other motherboard, Z77X-UD3H, is the more affordable option of this pair. 

As such, it makes some design concessions, though not overly many, so prospective buyers needn't be too worried. 

For instance, the PWM design is a bit simplified (the CPU still has a digital controller but analogue ones for the chipset and memory).

Another thing is that the heatsinks are less complex, lacking the heatpipes present on the other platform.

Furthermore, FireWire is totally absent and only one USB 3.0 internal header exists (there are six USB 2.0 pin headers links). 

As for the back I/O, a lone Gigabit Ethernet connection can be established, but Gigabyte kept the 7.1-channel audio with optical S/PDIF and the video ports. There are also six USB 3.0 ports and a PS/2 port.

LG Promises Android 5.0 Upgrades for 2012 Devices

South Korean mobile phone maker LG Electronics is expected to deliver upgrades to the upcoming Android 5.0 Jelly Bean operating system to all of its devices launched in 2012. 

Although the platform hasn’t been launched yet, the handset vendor already confirmed plans to make the move. 

The only limitation that might appear is related to the hardware capabilities of these mobile phones. 

However, as long as the device supports it, the Android 5.0 update will be released. According to LG's UK Product Manager Shaun Musgrave, this is the company’s way of showing its commitment to deliver “the best smartphone experience.” 

Just before the Mobile World Congress in Barcelona, LG unveiled to the world a series of new devices, including the high-end Optimus 4X HD, Optimus 3D Max and Optimus Vu, all of which appear capable of supporting the next Android release.

Gigabyte's G1.Sniper M3 MicroATX Motherboard

Gigabyte has apparently acted on all the consumer feedback and requests it received in regards to its G1 series of gaming motherboards. 

What this means is that the company finally has a product that, rather than the ATX or XL-ATX form factor, uses the microATX size. 

The name, according to VR-Zone, is G1.Sniper M3, and the design involves a mostly black color theme with blue heatsinks instead of the blue PCB Gigabyte is known to love. 

As people are no doubt able to guess, the product is made with Intel's Z77 chipset, which handles LGA1155 "Ivy Bridge" and "Sandy Bridge" processors.

Two PCI Express 3.0 x16 slots are present (work in dual x8 mode when both are employed), as are a PCI Express 2.0 x1 slot and a PCI Express 2.0 x16 slot. 

Since this is a small motherboard, it is actually quite a feat that there is a full pair of slots for high-end video cards. 

On the flip side, the storage options aren't as extensive as one might hope, with just two SATA 6.0 Gbps ports and three SATA 3.0 Gbps connectors. 

Then again, mATX cases don't usually have room for more than five drives, if they even reach that number. 

Moving on, the back panel offers four USB 2.0 ports, two USB 3.0 ports (no USB 3.0 hubs), eSATA, a PS/2 port, Ethernet, 7.1 channel audio with optical S/PDIF out and the expected range of video outputs (D-Sub, DVI, HDMI and DisplayPort). 

Headers on the motherboard allow for an extra six USB 2.0 and two USB 3.0 links, but the clear CMOS, power and reset buttons are conspicuously absent, along with the POST80 debug LED. At least Creative's Sound Core3D technology made it on the spec list.   

We don't have a price for this G1.Sniper M3, so we can't tell for sure how well liked it will be, even if the heatsinks in the photos get replaced by better ones. We do know that ASRock's Z77 Fatal1ty Professional-M will be at odds with it though.

NVIDIA GK104 Kepler Card PCB Pictured

As the release of NVIDIA's fabled 28nm-based video card approaches, a leak has exposed what the product's PCB looks like. 

We now know, with a reasonably low degree of doubt, that NVIDIA's first Kepler video board will be released on March 23. 

What we have in the photo above is the printed circuit board, according to Chiphell.

Notice the five-phase VRM, the HDMI and DisplayPort connectors and the two DVI ports. Two SLI connectors, the GPU die and the memory are clearly visible as well, finally. 

The photo also reveals that strange 8-pin + 6-pin stacked power connector we spotted yesterday, and we guess there will be cards with two 6-pin ports instead, or NVIDIA will choose one or the other. 

This board is, in the end, just an engineering sample, so the final product may exhibit some differences.

AMD Radeon HD 7870 Pitcairn Graphics Cards Spotted in the Wild

With just a few more weeks separating us from the launch of AMD’s Pitcairn GPUs, also known as the Radeon HD 7800 series, an image allegedly depicting two such cards was posted online by a Chinese website.

Not much can be seen from the picture published on the PC in Life forums, but the two cards presented are reported to be based on the Pitcairn XT GPU, which means that we are dealing with the Radeon HD 7870.

Both of these cards use a black PCB, just as the Radeon HD 7900-series, and are covered by a black/red plastic shroud with a blower fan placed to the right of the GPU.

While no information regarding the specs of these graphics cards was provided by the source, some previous leaks have suggested that AMD’s Radeon HD 7800 models will come equipped with 2GB of GDDR5 video memory buffer.

In the more powerful HD 7870, this will be accompanied by the Pitcairn XT GPU which includes 1408 streaming processors, 88 texture units and 24 ROP units that will all be connected to the memory via a 256-bit wide bus.

Thanks to the 1,375MHz (5.5GHz data rate) VRAM operating clock, this configuration should be able to deliver 176GB/s worth of memory bandwidth.

As far as the GPU is concerned, this will work at 950MHz, making it the second highest clocked graphics core in the Radeon HD 7000-series after the HD 7770.

For the Radeon HD 7850, AMD will decrease this frequency to 900MHz, while the memory will also be downclocked from 1,375MHz to 1,250MHz (5GHz data rate). This drops the memory bandwidth available to the GPU to 160GB/s. 

Other changes brought to the Pitcairn Pro core include a reduction in stream processors count, from 1408 to 1280, the number of texture units available also being lowered to 80 from 88 in the Pitcairn XT.

The Radeon HD 7800 series graphics cards based on the 28nm Pitcairn GPU should arrive in the first part of March.

Intel Ivy Bridge Powered Samsung 17.3 Notebook Goes on Pre-Order

Even though almost two months separate us from the launch of Intel’s Ivy Bridge processors, some US based retailers have jumped the gun and started listing notebooks powered by these CPUs on their websites.

One such example is J&R who has recently added a 17.3-inch Samsung notebook to their offer, running Intel’s next-gen 22nm processors.

Dubbed the NP700Z7C-S01US Nike, the laptop in question runs Windows 7 Home Premium (64-bit) and boasts a Full HD screen, as well as an Intel Core i7-3615QM CPU.

Those of you who aren’t familiar with Intel’s Ivy Bridge CPUs should know that this chip packs four computing cores clocked at 2.3GHz (3.3GHz maximum Turbo Boost speed), support for Intel’s Hyper-Threading technology and an on-die Intel HD 4000 graphics core.

In Samsung’s creation, this fast Intel processor is paired together with 8GB of system memory, as well as with a 1TB hard drive with an additional 8GB of Express Cache memory, according to Laptoping.

The rest of the features list includes a 1.3 Megapixel HD camera with noise-canceling microphone, D-Sub and HDMI video outputs, a multi-format memory card reader, a Super Multi DVD dual-layer burner, as well as the standard Gigabit Ethernet, 802.11 b/g/n WiFi and Bluetooth 3.0 connectivity.

Two USB 3.0 ports are also included, which is definitely a welcome addition if you ask us.

When unplugged from the power outlet, Samsung’s Series 7 notebook gets its power from an 8-cell Lithium Polymer battery.

The NP700Z7C-S01US Nike is available right now for pre-order from J&R, with pricing being set at $1,499.99 (roughly 1,131 EUR). 

Sadly, the retailer doesn’t seem to know when this Series 7 notebook will start shipping to its customers, but we expect this to happen at the end of April, shortly after Intel launches its 22nm Ivy Bridge processors.
