Account Brute Force Possible Through IIS NTLM Authentication Scheme

What is the IIS NTLM Authentication Scheme? Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource. NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a more secure variation of Digest authentication. NTLM uses…

How to verify “Account Brute Force Possible Through IIS localstart.asp Authentication Interface” vulnerability?

Qualys scanning found a vulnerability, “Account Brute Force Possible Through IIS localstart.asp Authentication Interface”, as below. I need to do black box testing to verify this vulnerability. If anybody would be willing to help, it would be greatly appreciated! THREAT: The file “localstart.asp” is part of the default Microsoft IIS install. By default it is password…

Configuring Anonymous FTP Authentication (IIS 6.0)

You can configure your FTP server to allow anonymous access to FTP resources. If you select Anonymous FTP authentication for a resource, all requests for that resource are accepted without prompting the user for a user name or password. This is possible because IIS automatically creates a Windows user account called IUSR_computername, where computername is…

7-Zip gets an update to fix major security vulnerabilities

Security researchers from Talos have written a bunch of fancy words on their blog here, which basically say 7-Zip has a couple of serious security flaws. Everyone’s up in arms about it, too. There are two major security flaws found in the program, one which allows hackers to remotely execute code (basically run programs from…

What is a vulnerability?

Dictionary.com has several meanings for the word vulnerable, but when it comes to the computer world the meaning of a vulnerability is no different. Defining a vulnerability simply means that a computer network or application is open to attack. There is an existing weakness, whether it is in the computer itself or procedures…

What is a vulnerability assessment?

Vulnerability assessment is a process that defines, identifies, and classifies the security gaps (vulnerabilities) in computer software, a network or infrastructure. An alternate term for vulnerability assessment is vulnerability analysis, and it is commonly used to determine countermeasures for plugging these loopholes for product improvement or to fight against external intrusion. Vulnerability assessments can be outlined using…

What is a dedicated hosting server?

A dedicated hosting service, dedicated server, or managed hosting service is a type of Internet hosting in which the client leases an entire server not shared with anyone else. This is more flexible than shared hosting, as organizations have full control over the server(s), including choice of operating system, hardware, etc. There is also another…

Features of Exchange Server Hosting

Security and reliability: Exchange Online helps protect your information with advanced capabilities. Anti-malware and anti-spam filtering protect mailboxes. Data loss prevention capabilities prevent users from mistakenly sending sensitive information to unauthorized people. Globally redundant servers, premier disaster recovery capabilities, and a team of security experts monitoring Exchange Online around the clock safeguard your data. And…