~ I offer security consulting services in the areas of Penetration Testing, Ethical Hacking, Vulnerability Assessments, and Security Code and Configuration Reviews ~!

Remote Presentation Auth_key Issue In Prezi

Remote Presentation Auth_key Problem


Let me explain this issue with the following example.








abc is the presentation. (1)
123 is the second presentation. (2)

I start a remote presentation of abc, with the constant parameter of all presentations, ?follow=r_rk7caxdncs, and the Auth_key ngwd219. Now I found someone's Auth_key; in fact, every active Auth_key can start the remote presentation of every work.
The impact is clear from the example: I can use the Auth_key of abc with the 123 presentation or vice versa, or any active Auth_key can start the presentation.


One more issue is the constant follow parameter in every post.

Gist: https://gist.github.com/zsellera/4fe26ee7c546a4d136f4
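
The missing check described above, as an added example that is not part of the original post or the linked gist. It places the reported behaviour (any active Auth_key is accepted) beside a check that binds each key to its own presentation and issues a fresh follow token per session. The function names, the in-memory store, the second key and the token format are assumptions made for illustration; Prezi's actual implementation is not shown on this page.

```python
import hmac
import secrets

# Constructed data. "abc", "123" and the key ngwd219 are the post's example
# values; the second key is made up for this sketch.
KEY_FOR_PRESENTATION = {"abc": "ngwd219", "123": "k7pq03x"}
SESSIONS = {}  # follow token -> presentation id (hypothetical session store)


def can_start_unbound(presentation_id, auth_key):
    """Behaviour the post reports: the key is only checked for being active."""
    return auth_key in KEY_FOR_PRESENTATION.values()


def can_start_bound(presentation_id, auth_key):
    """Hardened check: the key must be the one issued for this presentation."""
    expected = KEY_FOR_PRESENTATION.get(presentation_id)
    if expected is None:
        return False  # unknown presentation: refuse rather than fall through
    # Constant-time comparison of the secret value.
    return hmac.compare_digest(expected.encode(), auth_key.encode())


def start_remote(presentation_id, auth_key):
    """Start a remote session; return a fresh follow token, or None if refused."""
    if not can_start_bound(presentation_id, auth_key):
        return None
    follow = "r_" + secrets.token_urlsafe(12)  # per session, not a shared constant
    SESSIONS[follow] = presentation_id
    return follow


if __name__ == "__main__":
    # The key issued for abc, presented for 123:
    print("unbound check:", can_start_unbound("123", "ngwd219"))
    print("bound check:  ", can_start_bound("123", "ngwd219"))
    print("own key:      ", start_remote("abc", "ngwd219") is not None)
```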




October is National Cyber Security Awareness Month (NCSAM)

Hi Everybody,

As you all know, October is National Cyber Security Month, and SingleHop is dedicated to helping spread the word about how people can protect themselves from different attacks.

First of all, a password is the most important thing you have for protecting your data, your information and yourself. It is said that:

"Don't make a password in which your secret exists; make a unique and strong password and keep all your secrets safe behind it"

If you have a strong and unique password, you should now take care of the following things:
  • Don't share your password with anyone.
  • Don't enter your password on an untrusted computer.
  • Don't enter the same password on every application.
  • Change your password occasionally.

In 2014, nearly 5 million Gmail accounts and passwords were leaked by a Russian hacker. The hacker claimed that around 60% of the passwords were still valid, although some users had changed their passwords.
According to the researchers, this is nothing but a rumor. The hacked accounts were compiled from different sources, such as vulnerable applications, phishing attacks, etc.

What is a Phishing Attack?
Phishing is a fraud method in which the attacker copies the well-known design of a particular site and codes a payload on the backend. When users enter their information on it, it is sent to the attacker and the victim is redirected to the original site.

One more important feature has already been introduced: the Two-Factor Verification Process. It was first introduced by Google.

What is the Two-Factor Verification Process?

Two-factor verification is a process that strengthens authentication by requiring a second factor after the username/password stage.


How Does the Two-Factor Authentication Method Work?

The first step is to log in with your username/email and password.
With Two-Factor Authentication enabled, a mobile phone is required: every login attempt requires a unique code that is sent via SMS to the given number.

SingleHop also uses this feature to keep user data safe, and takes this more seriously.

In 2012, three GoDaddy servers failed to resolve as a result of a hack. Millions of GoDaddy-hosted websites went down for more than 5 hours. So using a secure, reliable and branded server is also important for a safe internet.

Mostly, servers are hacked due to old infrastructure, missing updates, vulnerable code, misconfigurations, poor scripting and vulnerable third-party components of the application, and it is a developer's right to demand that an official company like SingleHop take more responsibility for securing their data. SingleHop took steps against these hacks, embedded security features and built secure dedicated servers for developers. SingleHop added the server's own application, different account levels, a monitoring system, antivirus protection, application patching and firewalls to ensure that a company's data is always safe and protected.