Posts

Showing posts from August 17, 2013

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS-encrypted web traffic in just 30 seconds. Source: HACKERS News

The technique was demonstrated at the Black Hat security conference in Las Vegas (Presentation PDF & Paper) by Gluck along with researchers Neal Harris and Angelo Prado. It allows hackers to decode encrypted data that online banks and e-commerce sites send over an HTTPS channel.

Neal, Yoel and Angelo (from left to right) at BlackHat

BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is very targeted and does not decrypt the entire channel. BREACH manipulates data compression to pry out doses of information from HTTPS-protected data, including email addresses, security tokens, and other plain text...

How to Disable SSH Root Login in GNU/Linux

As we all know, root SSH login is enabled by default in GNU/Linux. We can easily access our remote servers over SSH and manage them if they have any issues. But it is not advisable to allow direct login as the root user via SSH, because anyone can brute-force the root password and try to access your servers. It's better to have a separate user account and get root privileges with the su command when necessary. This handy tutorial describes how to disable root SSH login in GNU/Linux systems.

Disable SSH Root Login

Open up the SSH configuration file in any editor:

# nano /etc/ssh/sshd_config

Search for the line "PermitRootLogin" and change the value from yes to no:

[...]
PermitRootLogin no
[...]

Save and close the file. Restart the sshd service for the saved changes to take effect:

# /etc/init.d/ssh restart

Now try to log in as the root user from any client system. You will get an error message lik...