Your search for a great technology company is AllOver!
AllOver.ca web hosting Vancouver is in business to help you in your business.
We provide the highest quality & best value hosting to ensure complete
satisfaction. We take an active interest in the needs and requirements
of your company enabling you to fully encompass technology.
Domain Names. Are there any good ones left? You bet there are!
Registering a domain name with us is easy and affordable. Prices as low
as $20.00 (CAD) for a .com. We provide domain registration services from
our DotRegister.ca site, giving our customers the ability to register
just about any domain extension available. Check out our price list. Private
registrations available free of charge.
Live support by phone or online
chat. Get it working properly...Free!
Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

- Email is easily circulated - Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email; they scan a user's computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
- Email programs try to address all users' needs - Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
- Email programs offer many "user-friendly" features - Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

- Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
- Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:
  - be sure the signatures in your anti-virus software are up to date
  - save the file to your computer or a disk
  - manually scan the file using your anti-virus software
  - open the file
- Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
- Consider additional security practices - You may be able to filter certain types of attachments through your email software.

AllOver.ca scans incoming email messages sent to our clients for viruses and dangerous file attachments. If you receive a message like this within your email:

************************************************************
** One or more attachments were removed from this message **
** due to security restrictions enforced in this network. **
** If you believe this to be in error please notify       **
** support@allover.ca immediately.                        **
************************************************************

This means a potentially dangerous
file type was attached to the message and was stripped to
protect the client. If you believe that this file was
stripped in error (possibly due to a badly named file)
please contact our technical support team and they will
retrieve the attachment that was stripped to investigate. If
the attachment is deemed safe, the full message (with
attachment) will be deposited in your inbox.
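
One way a mail filter can strip attachments by file type and leave the notice shown above, as an added Python example (not AllOver.ca's actual filter). The blocked-extension list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage, MIMEPart

# Assumed blocklist for illustration; the page does not say which types are stripped.
BLOCKED = {".exe", ".scr", ".pif", ".bat", ".cmd", ".com", ".vbs", ".js", ".lnk"}
NOTICE = ("** One or more attachments were removed from this message **\n"
          "** due to security restrictions enforced in this network. **\n")

def is_blocked(filename):
    """Judge by the final extension, so 'invoice.pdf.exe' is still caught."""
    name = filename.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED

def _prune(container, removed):
    """Drop blocked parts from a multipart container, recursing into nested ones."""
    kept = []
    for part in container.get_payload():
        name = part.get_filename()  # None for ordinary body parts
        if name and is_blocked(name):
            removed.append(name)
            continue
        if part.is_multipart():
            _prune(part, removed)
        kept.append(part)
    container.set_payload(kept)

def strip_dangerous(raw):
    """Return (cleaned message, removed filenames) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    if msg.is_multipart():
        _prune(msg, removed)
        if removed:  # tell the recipient something was taken out
            note = MIMEPart()
            note.set_content(NOTICE)
            msg.attach(note)
    return msg, removed

def sample_message():
    """Constructed sample: a body, a disguised executable and a harmless text file."""
    m = EmailMessage()
    m["Subject"] = "invoice"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    print(strip_dangerous(sample_message())[1])
```

Extension filtering only looks at the declared file name, which is why the page's advice to save and scan attachments with up-to-date anti-virus signatures still applies to whatever gets through.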

WEB INDUSTRY NEWS

26/01/07 Apple Patches Mac Wireless Security Hole

Apple Inc. on Thursday released a security update to patch a
hole in the wireless Internet software built into many of its
computers running Mac OS X.
The update applies to Core Duo versions of the Mac mini,
MacBook and MacBook Pro computers equipped with wireless.
Affected Mac users can download the patch via OS X's Software
Update feature, or directly from Apple Downloads.

04/19/2006 Not All Banks Requiring SSL

According to a news entry on
some banks aren't requiring SSL, and even worse
aren't submitting credentials over SSL. The findings can be
found below.
Research Finding Link:

04/17/2006 Web App Vulnerabilities Are Getting More Attention

Information Week has written an article entitled "Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive"
"Attacks designed to bring down networks are largely under
control, even though companies still spend plenty of time
defending against them. The latest addition to IT teams' worry
lists: keeping Web apps from being hijacked and forced to give
up data that can be used to commit identity theft or other
crimes.
The number of Web sites with applications vulnerable to these
attacks appears to be small--58 were reported last year to the
Web Application Security Consortium, a group that tracks flaws
found in custom Web apps. But that's a big leap from the 16 in
2004 and nine in 2003. This year, at least 20 vulnerabilities
have been reported, including cross-site scripting
vulnerabilities at eBay, Microsoft MSN Hotmail, and open
source repository SourceForge.net, all of which have since
been fixed. And the reported number of vulnerable sites could
be just a starting point, since the vulnerabilities aren't
easy to spot, and attackers try to get in and out without
leaving a trail. So victims may not know their sites were
attacked and data compromised or stolen." - Information Week
Article Link:

04/13/2006 Web App Hack Incidents Are Up As Businesses Take Cover

"Web site hacks are on
the rise and pose a greater threat than the broad-based
network attacks that have been giving IT departments fits.
Whereas attacks against networks disrupt Internet service and
negatively impact companies trying to do business over the Web
or private networks, attacks against Web applications threaten
to steal critical customer, employee, and business partner
information stored in applications and databases linked to the
Web.
Web hacking attacks numbered 58 in 2005, up from 16 in 2004
and 9 in 2003, according to the Web Application Security
Consortium. Another 20 attacks have been reported this year
against sites including open-source repository Sourceforge.net
and social network MySpace.com, putting 2006 on pace to be the
worst year yet." - Information Week
Article Link:

04/10/2006 Paros 3.2.10 released

A new version of
has been released.
"We wrote a program called "Paros" for people who need to
evaluate the security of their web applications. It is free of
charge and completely written in Java. Through Paros's proxy
nature, all HTTP and HTTPS data between server and client,
including cookies and form fields, can be intercepted and
modified." - Paros Team
Download Link:

04/08/2006 HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0

"I really have some
good laughs when I tamper with cookies on my machine and watch
the results when it is submitted back to the site. On the
other hand, I don’t want any one to do the same to the cookies
that I make!
Cookies, most of the times, shouldn’t be in plain text, at
least, they should be tamper-proof! Revealing the content of
your cookies might give curious and malicious people an idea
about your application’s architecture, and that might help
hacking it.
ASP.NET encodes and hashes its authorization ticket, making it
secure and tamper-proof. However, the methods used to secure
authorization cookies are inaccessible from outside the .NET
framework libraries, so you can’t protect your own cookie
using these methods; you need to protect it yourself using
your own encryption key, encoding and hashing algorithms.
HttpSecureCookie works around this by accessing the same
methods ASP.NET uses for cookie authorization." - Adam Tibi
Article Link:

04/07/2006 New Open Source Web Application Scanner Released (Oedipus)

800m800m Writes
"Oedipus is an open source web application security analysis
and testing suite written in Ruby by Penetration Testers for
Penetration Testers. It is capable of parsing different types
of log files off-line and identifying security
vulnerabilities. Using the analyzed information, Oedipus can
dynamically test web sites for application and web server
vulnerabilities.
The first official beta release of the Oedipus Web Application
Project is now ready for testing. Check out
for more information..."
Screenshots available at
Download Link:

04/01/2006 ALERT: Cross HTTP Response Splitting Session Fixation Smuggling Scripting Vulnerability Discovered

has issued a warning against a new web based threat entitled a
"Cross HTTP Response Splitting Session Fixation Smuggling
Scripting Vulnerability". According to the founder of
Johannes Ullrich
"If on April 1st you have specific non default settings in
Internet Explorer, visit a series of 4 specific websites in
order through a specific embedded device based proxy server,
it may be possible to execute a JavaScript Popup within the
remote zone". An avid Firefox user was quoted on Slashdot
as saying "It's times like this that sitting on my high horse
and using a non Microsoft based browser comes in handy".
Vulnerability details are scarce but initial reports are that
100,000,000 machines have been compromised. Chief Cracking
Officer Marc Maiffret of
has issued an unofficial patch that users can download on
.
UPDATE 1:00AM:
Microsoft already has a patch available on
.