Tech Sharing


Posts Tagged ‘ security ’


Google, in its Google Apps Update Blog, announced a new third option to their two-step verification system. The option, which will see a gradual rollout, aims to bolster log-in security with a solution that is surprisingly simple.

Available for both Android and iOS, the new two-step verification gives users the option to verify their log-in activity by using a Security Key, a verification code sent to their smart device, or a simple prompt.

The pop-up prompt displays a dialogue with your name, profile image, current location (city), and the device you are trying to log in from. Underneath it is a simple “No, deny sign-in” or “Yes, allow sign-in” choice to approve the sign-in request.

Google, in their blog post, notes that Android users will need an updated version of Google Play Services to use Google prompt, while iOS users will need the Google Search app to use Google prompt.

A new password-free system is currently being tested by a small group. The project, which was launched by Google, aims to remove what is often the weakest link of any login system, the password, while providing an alternative secure login method that is less troublesome than the current two-factor authentication.

The system is similar to Account Key launched by Yahoo, and once you boil it down, it actually isn’t all that different from two-factor authentication. Here is how it works: when you log into your account, rather than entering your password, you select a button that sends a push notification to your phone. You then select the push notification and open the app, which asks whether you are attempting to log in. Once you approve the log-in on your phone, the account opens in your browser.

But what if your device is stolen or if your password has been phished? According to Google, your lock screen or Touch ID should be more than enough to activate your phone (you do lock your phone, don’t you?). As a precautionary measure, Google also advises that you sign into your account from another device and remove account access from the device that is no longer in your possession.

The server lockdown guide for ColdFusion 10 is now available on the Adobe website. The ColdFusion 10 Server Lockdown Guide will help server administrators secure their ColdFusion 10 installations. You will also find several tips and suggestions intended to improve the security of your ColdFusion server.


ColdFusion 10 Server Lockdown Guide (763)

The latest free WordPress eBook from Code Poet has arrived: Locking Down WordPress. This new eBook from Rachel Baker, Brad Williams, and John Ford will show you how to secure your WordPress installation and take care of it when things get out of hand.


In Locking Down WordPress, seasoned WordPress pros Rachel Baker, Brad Williams, and John Ford take you through everything you need to know to make sure you have WordPress security under control.
Security should be one of your foremost concerns with any website, and this eBook is free and available in PDF, EPUB, and Kindle formats, so get it while it’s hot!


Locking down wordpress (521)

Hacking and attacks on web servers or computers over the internet are no longer a new story; whoever connects a device to the internet can potentially be attacked. Normally the attack is carried out by connecting to your computer, or by getting your computer to connect to a dangerous web site and download malware. Besides installing antivirus software, what we can do to help reduce the potential risk is to block the communication between our devices


PeerBlock is a type of program known as an “IP Blocker”. IP addresses are used to identify a computer whenever it connects to the internet. PeerBlock sits between your computer and the outside world and monitors each connection that your computer tries to make, as well as any connection that something else tries to make with you.


If any IP address that your computer tries to communicate with, or that tries to communicate with you, is on the “known bad” list, PeerBlock will block it.


PeerBlock comes with predefined lists of IP addresses for P2P web sites, spyware web sites, advertising and data-tracker servers, and educational institutions and universities. Besides the predefined lists, you can also get IP lists from I-BlockList and either allow them or block them from accessing your network.
You can also create your own lists, each set either to always block or to always allow the IP addresses it contains.


The most important and beautiful part of PeerBlock is that it is totally free.


PeerBlock home page

PeerBlock (368)


The application home page for PeerBlock


PeerBlock List manager, you can select the predefined list, create a custom list or get the list from


This is where you can create your own IP list and choose whether to block or allow it


PeerBlock history page, which shows the blocked and allowed IP addresses; it also provides a function to search for any record in the history list

SplashData, a well-known provider of password management applications, has just listed the “25 Worst Passwords of the Year”. The list was compiled from files containing millions of stolen passwords posted online by hackers. If you are using any of the passwords in the list, change your password immediately!


If any of your current passwords appears in the list, it is highly recommended that you do something to secure your information on the Internet.


In an effort to encourage adoption of stronger passwords, SplashData, a leading provider of password software for more than 10 years, today released its “25 Worst Passwords of the Year” list for 2011. According to SplashData, the most common passwords on the web are:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football


SplashData suggests making passwords more secure with these tips:

  • Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
  • Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.

Recently I ran some security checks on one of my web sites and got an alert that the deprecated SSLv2.0 protocol was still enabled on my server. This is also one of the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) v1.2.

So I spent some time Googling it and going through some forums and blogs, and finally found the solution to turn it off. Microsoft does not provide a UI way to do that, so we have to go into the registry and edit it manually ourselves.

How to check whether my server has SSLv2 enabled?

There are many ways to check the configuration, including using OpenSSL (I’m not too familiar with OpenSSL, so I use the alternative way – the web). You may go to, enter the web domain or IP address of your server that has port 443 enabled (you may edit the port number if you are not using the standard SSL port of 443), and then just click on SSL-Check.

How to disable SSL 2.0 in Windows Server 2003?

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
  3. Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
  4. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
  5. Enter Enabled as the name and hit Enter.
  6. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn’t, right-click and select Modify and enter 0 as the Value data.
  7. Restart the computer.
  8. Verify that no SSL 2.0 ciphers are available at or the Public SSL Server Database

Registry key location which you may need to touch on

[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/DES 56/56] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/NULL] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC2 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC2 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Ciphers/RC4 64/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/PCT 1.0/Server] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL/Protocols/SSL 2.0/Server] "Enabled"=dword:00000000
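
The registry changes from the steps and key list above can be applied and read back in one pass with PowerShell. This is an added example, not the post's own script; it assumes PowerShell is installed on the server and is run from an elevated prompt, and it uses the .NET registry API because the PowerShell registry provider treats the "/" in key names such as "DES 56/56" as a path separator.

```powershell
# Added example (not from the original post). Run elevated.
# Sets Enabled = 0 (DWORD) under each SCHANNEL key listed in the post,
# then reads the value back so the result can be reviewed before rebooting.

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Sub-keys taken from the post's list. Only "\" separates keys here;
# the "/" in the cipher names is part of the key name itself.
$targets = @(
    'Ciphers\DES 56/56',
    'Ciphers\NULL',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 64/128',
    'Protocols\PCT 1.0\Server',
    'Protocols\SSL 2.0\Server'
)

$hklm = [Microsoft.Win32.Registry]::LocalMachine

$report = foreach ($t in $targets) {
    # CreateSubKey opens the key writable if it exists, or creates it
    # (including missing parents such as "SSL 2.0\Server") if it does not.
    $key = $hklm.CreateSubKey("$schannel\$t")
    try {
        $before = $key.GetValue('Enabled', $null)   # $null = value was absent
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $after = $key.GetValue('Enabled', $null)
    }
    finally {
        $key.Close()
    }
    New-Object PSObject -Property @{ Key = $t; Before = $before; After = $after }
}

# Every row should show After = 0.
$report | Format-Table Key, Before, After -AutoSize
```

As in step 7 of the manual procedure, restart the computer afterwards, then repeat the external SSL check.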

The bodyguard or close protection officer is a type of security operative who protects a person, usually a famous, wealthy or politically important figure, from assault, kidnapping, assassination, stalking, loss of confidential information, terrorist attack or other threats around the world 24/7.

D & E Safety Consultant is one of the top bodyguard and consultant firms in Malaysia, providing services including close protection, which ensures the security of their clients anywhere and at any time.

Besides that, armed escort is another service provided by D & E Safety Consultant: they provide security on the road when you need to transport important items from one place to another. Their highly skilled team will escort your vehicles to their destinations securely and ensure the safe transport of valuable goods.

Other than that, D & E Safety Consultant provides armed and unarmed security services for a wide range of commercial clients including office buildings, department stores, retail establishments, hotels, nightclubs, and restaurants.

For event security at any public or private event that needs well-planned security coverage, D & E Safety Consultant is a choice you can believe and trust in. D & E Safety Consultant’s CPOs are well trained to handle safety and security at everything from trade shows, concerts, conferences and festivals to sports and private events. D & E Safety Consultant’s CPOs will safeguard the smooth running of your event and ensure that your guests and partners can enjoy themselves with total confidence.

Last but not least, D & E Safety Consultant also provides arms and practical shooting training to all close protection officers and teaches the basic knowledge, skills, and attitude for owning and operating a pistol safely at any time, anywhere.

For more information about D & E Safety Consultant, you may have a look at their web site or contact them via the following details:

Address: 9-5, The Boulevard,
Mid Valley City, Lingkaran Syed Putra,
59200 Kuala Lumpur.

Tel: +603-2287 0511 / +603-2287 6511

Fax: +603-2287 9511


Email: [email protected]

We store a lot of important information in Excel files that we don’t want others to have access to. With Microsoft Excel 2007 you can prevent this by protecting your whole workbook.


To do that, click on File –> Save As. In the file-save pop-up window, select the location where you wish to store your file and type in the file name, then click on Tools at the bottom of the window and select General Options. A small window will pop up asking you to enter the password to open as well as the password to modify.


Pop up saved as window

Select general option from the drop down tools menu

Enter the password for view and modify your excel file

Once you enter these 2 passwords, Microsoft will protect your entire workbook and prevent anyone else from opening and viewing its contents. Make sure you remember the passwords you enter: if you lose them, it’s not an easy job to get the content of your Excel file back.



The password will be required whenever you try to open the Excel file

Web developers, web admins, and DB admins are always facing attacks on their web sites from all around the world, but how do you prevent them?

Some use third-party software to prevent them, some just filter all the possible keywords entered by the user, and some use database stored procedures to prevent them. The following are some of the keywords that you may need to take care of when you allow your users to enter any input into your system.

Web site injection attack keyword (771)