Tag Archive for 'security'

The main log management solutions available on the market have different features and different ways of handling data. This article focuses on how ArcSight Logger, LogLogic and Splunk handle archives, and what integrity features they offer.

How do the different log management solutions handle data archiving?
ArcSight allocates data by one gigabyte [...]

September 5, 2011, 12:42 am lock

As reported by Kaspersky, most browsers (and proxies?) support URLs with IP addresses in formats other than decimal, which can be a good way to bypass network security:
http://0x42.0x66.0x0d.0x63/
http://0x42660d63/
http://1113984355/
http://00000102.00000146.00000015.00000143/
The previous URLs work in both Firefox and Chrome.

March 24, 2010, 2:15 pm lock

As reported by the ISC, some people are using images to hide PHP code: if an image contains PHP code, for example in the comment section, it may be included like a usual PHP file, and the PHP code will be happily executed. It may be a great way to hide malicious code in [...]

June 19, 2007, 4:19 pm lock

It is possible for an authenticated user in Cacti to modify the graph_start and graph_end parameter values in the URL, and specify higher numbers than expected in order to make Cacti use all the server CPU.
For example, if a user modifies a graph URL as seen in the location bar:
http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234&graph_end=1179871034
to this one:
http://localhost/cacti/graph_image.php?local_graph_id=2&rra_id=0&view_type=tree&graph_start=1164236234000&graph_end=1179871034000
rrdtool will take [...]

June 2, 2007, 12:17 pm lock

You will find here some bugs or issues I found in the Fortinet FortiGate firewall/IDS/anti-virus/anti-spam gateway.
CVE-2005-3057: Bypass Fortinet anti-virus using FTP
CVE-2005-3058: Bypass Fortinet URL filtering

AV analysis impact on network performance:
I found a 23 K file for which the AV analysis causes some important delay for network connections (this file is here).
Configuration:
We are using [...]

February 13, 2006, 3:34 pm lock