Skip to main content


Showing posts from April, 2011

Insecure protocols

Some basic insecure protocols and risk associated with them: FTP/Telnet/Rlogin/rsh/Rexec : These are insecure protocols because they use plain text authentication. This means that when you authenticate to the telnet or ftp server you send your login and password across the network un-encrypted or "in the clear". Data and even the password are transmitted as plain text. In addition to sending the login and password in the clear telnet and ftp also send the data or payload in the clear as well. There are commonly available programs that constantly monitor the network for packets that contains passwords. Preferably, all telnet and rlogin servers and clients should be removed from all machines. Disable them if not used. SNMP : Simple Network Management Protocol (SNMP) is a protocol for network management. SNMP lacks any authentication capabilities, which results in vulnerability to a variety of security threats. These include masquerading, modification of information, m

Enabling support for old plugins in Firefox 4.0

With release of Firefox with new look and other security features (CSP,HSTS) I couldn't resist myself from updating my current version 3.6 to 4.0. But, to my disappointment, lots of plugins which are necessary to me for carrying out my day to day assessment were not supported in FF4.0. I can't wait for them to extend their support to FF4.0. I got a nice trick to enable them. Go to the following path on your Windows XP machine: C:\YourUserDir\Application Data\Mozilla\Firefox\Profiles\8l13fo9x.default\extensions There you will find folders named as your extensions e.g for Firesheep, its "". Go inside them, you will find one install.rdf file. Open the install.rdf file and edit the em:maxVersion tag, change the value from 3.6 to 4.0.*. Restart the browser and your plugin will be enabled ! Reference: