How to find the SSL Certificate in Chrome

If you ever wanted to know how to find the SSL certificate information in a browser like Chrome, look no further!
CertificateBefore and up to around Google Chrome version 55, I could view the details of the certificate a website was using by clicking on the green lock icon in the address bar.
Now, you can find this information by going to the Three Dots Menu on the Right of your Chrome Window -> More Tools -> Developer Tools, then click on the Security Tab. This will give you a Security Overview with a “View Certificate Button”.
View Cert
CertificateInfo

Using the Same-Site Cookie Attribute to Prevent CSRF Attacks

Thanks to a new cookie attribute, that Google Chrome started supporting on the 29th of March, and other the popular browsers followed, there is now a solution. It is called the Same-Site cookie attribute. Developers can now instruct browsers to control whether cookies are sent along with the request initiated by third party websites – by using the SameSite cookie attribute, which is a more practical solution than denying the sending of cookies.

Setting a Same-Site attribute to a cookie is quite simple. It consists of adding just one instruction to the cookie.  Simply adding ‘SameSite=Lax’ or ‘SameSite=Strict’ is enough!

Set-Cookie: CookieName=CookieValue; SameSite=Lax;
Set-Cookie: CookieName=CookieValue; SameSite=Strict;

Read more on the Netsparker website

Prerequisites:

IIS Server with URL Rewriter Module Installed.

.NET Code

<system.webServer>
<rewrite>
<outboundRules>
<rule name=”Add SameSite”>
<match serverVariable=”RESPONSE_Set_Cookie” pattern=”.*” />
<conditions>
<add input=”{R:0}” pattern=”; SameSite=strict” negate=”true” />
</conditions>
<action type=”Rewrite” value=”{R:0}; SameSite=strict” />
</rule>
</outboundRules>
</rewrite>

Login page password-guessing attack (Accunetix)

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.

This login page doesn’t have any protection against password-guessing attacks (brute force attacks). It’s recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web
references for more information about fixing this problem.

CVSS Base Score: 5.0
– Access Vector: Network
– Access Complexity: Low
– Authentication: None
– Confidentiality Impact: Partial
– Integrity Impact: None
– Availability Impact: None
CWE CWE-307
Affected item /Admin/Login.aspx
Affected parameter
Variants 2

Blocking Brute-Force Attacks

A common threat Web developers face is a password-guessing attack known as a brute-force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. If your Web site requires user authentication, you are a good target for a brute-force attack. Continue reading “Login page password-guessing attack (Accunetix)”

What is Identity Theft?

According to the Federal Trade Commission identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make or until you’re contacted by a debt collector.
Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.
Continue reading “What is Identity Theft?”

Cyber Crime Protection Methods

There is a very old and correct saying that goes on to say that a coin has two sides.

Like a coin almost every aspect of life has two sides. For example the most common example can be taken of the advent of technology and the crime associated with it. With the advent of time and technology, computers have formed an integral part of the working society.

Computers along with them have brought greater work and time efficiency in the working circle of the society as a whole. But there comes the twist. Along with all the benefits that computers and technology have brought, there also comes the rising and alarming threat of cyber crime.
Continue reading “Cyber Crime Protection Methods”

Internet Security Through Code Signing, 2017 revision

I originally posted this article in 2014 and I wanted to rehash a few methods of performing code signing.

Internet Security Through Code Signing

Code signing is the method of using a certificate-based digital signature to sign executables and scripts in order to verify the author’s identity and ensure that the code has not been changed or corrupted since it was signed by the author. This helps users and other software to determine whether the software can be trusted. Continue reading “Internet Security Through Code Signing, 2017 revision”

How does ransomware work?

We’ve all heard at one point ransomware being mentioned – computers hijacked by evildoers and then encrypted with a key which was available at a cost to the unaware user.

People have been asking – how does it spread? Can it come through the network? Is it a download or an exe file you have to click to get it on your machine?

What makes ransomware so effective? Continue reading “How does ransomware work?”