Showing posts with label web security. Show all posts

Monday, February 8, 2016

Happy Valentine #Deal

PROMO
Coupon Code : 14FEB16





This #Valentine, gift your loved one a #Website (an innovative #gift). For that you need hosting, and we are standing with you by giving huge #Discounts on Shared #Hosting. Make your dear one feel special and let the world see your emotions. Visit us @ http://www.icloudjunction.in/?coupon=14FEB1 , and feel free to contact us.

Thursday, May 28, 2015

Netflix to start encrypting all data streams

It's official…Netflix has decided to put an end to unencrypted streaming once and for all. In a recent interview, the streaming service giant announced that it will once again be encrypting all the connections between their servers and their client base. This bold move isn't just a small update and this isn't the first time Netflix has announced that it will be pursuing this line of action in order to provide the utmost security for their users.
According to Netflix Director of Streaming Standards Mark Watson, Netflix chose a subset of users to test this new tech on, and found that they lost half of their capacity during the trial run. The main cause of these less than stellar results is the fact that HTTPS is not able to utilize certain optimizations that Netflix employs in their streaming.

Wednesday, May 27, 2015

Comodo Positive vs. Essential SSL: What's the Difference?

Comodo Positive and Comodo Essential SSLs are extremely popular products for customers around the world. Their popularity stems from their low cost and ease of issuance, since both certificates only require that the recipient verify they own the domain they wish to cover. Both options also provide the same level of industry standard encryption, either 128- or 256-bit. So, what exactly sets them apart? Why pay more for an Essential when you could get a Positive? The true difference lies in the site seals.
Site Seals are the brands that customers associate with safe shopping. The more recognized or trusted the site seal is, the more the customer is likely to feel safe and comfortable making a purchase on a website. Site seals are one of the main differentiators when it comes to SSL, since they have a direct effect on conversions.

The image on the left is the Site Seal provided when you purchase a Comodo PositiveSSL. As you can see, the Comodo Positive SSL comes with a branded "Positive" site seal – with the Comodo name barely visible. Many users are not aware of what SSL stands for, nor do they know that Positive SSL is a security service. The fact that ‘secured by Comodo’ is on the seal at the bottom only serves to confuse as the seal isn’t in the Comodo colors, nor does it look or feel like the same company. While companies in the industry understand that a PositiveSSL does provide industry standard encryption, your average consumer is much more trusting of a highly recognized and respected brand like Comodo.

Wednesday, March 18, 2015

HTTP2 will mean a change in how we should build websites

HTTP2 will mean a change in how we should build websites. The best practices of HTTP1 are harmful in a HTTP2 world.

HTTP1 is slow and inefficient for the majority of today's use cases on the web.
HTTP1.x is the version of HTTP we are all familiar with. It's an old protocol that was designed before we knew what the world wide web would become. While it does the job, it's just not very efficient at it anymore because what we demand of it is quite a lot more complex than what it was designed for.

To get websites to load in an acceptable time over HTTP1 we have developed a series of techniques, hacks really, to eke performance out of this old protocol.

They are:

Spriting: taking multiple images, combining them into one image, and using CSS to show only part of that image in a particular place.
Concatenating: taking multiple CSS or JS files and sticking them into one large file.
Cookie-less domains: serving static assets from a domain that sets no cookies.
Sharding: creating different domains or sub-domains to host assets like images.

Sunday, February 8, 2015

BIG FEBRUARY: Up to 25% Discount

Big Offer of the Year.

We are excited to announce Big Offer of the Year. Buy any Linux Hosting from us and Get 25% Discount on Total Amount in Your cart.

Offer Linux Hosting
This offer is valid for a limited period.
We also offer a huge discount on our Dedicated Servers. Buy your dedicated server from us and get a 5% discount plus 1 Comodo Positive SSL free for lifetime*.
Dedicated Server Offer
Limited stock. First come, first served.
Buy .PW or .XYZ domain name just at Rs.99 for a year.

book domain @ Rs.99
BOOK DOMAIN NOW

We also have many offers.... Just come and Grab your offer Now.

Tuesday, January 27, 2015

cPanel, Inc. has released EasyApache 3.28.2 with PHP versions 5.4.37 and 5.5.21.


cPanel, Inc. has released EasyApache 3.28.2 with PHP versions 5.4.37 and 5.5.21. This release addresses vulnerabilities related to CVE-2015-0231, CVE-2014-9427, and CVE-2015-0232 by fixing bugs in the Core module, the Exif extension, and CGI. We strongly encourage all PHP 5.4 users to upgrade to version 5.4.37 and all PHP 5.5 users to upgrade to version 5.5.21.

AFFECTED VERSIONS
All versions of PHP 5.4 through version 5.4.36
All versions of PHP 5.5 through version 5.5.20

SECURITY RATING
The National Vulnerability Database (NIST) has given the following severity ratings to these CVEs:

CVE-2015-0231 - MEDIUM

PHP 5.4.37
Fixed bug in the Core module related to CVE-2015-0231

PHP 5.5.21
Fixed bug in the Core module related to CVE-2015-0231

Friday, October 24, 2014

SHA-1 Sunsetting, Google, and Your Next Steps.


What is happening, and what was happening?

The SSL industry and the CA/B Forum have planned for the "sunsetting" (deprecation) of the SHA-1 signing algorithm for quite some time. However, their plan was mainly formed around Microsoft's desire to phase it out in 2017, alongside the end-of-life for Windows XP. This was widely understood to be the approved plan for CAs to follow, and preparation for moving from SHA-1 to its successor, SHA-2, wouldn't be necessary for many months from now.
However, Google recently made an announcement, in stark contrast to Microsoft's plan, that they are implementing their own SHA-1 sunsetting timeline, which will begin on September 26th 2014.
This timeline has three distinct stages, which will result in degraded visual indicators in Google Chrome (padlock, green-bar) for SHA-1 signed certificates meeting specific criteria (this is discussed in the section "What certificates are affected?" below).
This means it is now necessary to educate and assist our partners and customers on how to make the transition away from SHA-1.

Why?

First, let's understand what SHA-1 does. Both SHA-1 and its successor, SHA-2, are hash algorithms used in the signing of certificates, which is part of the identity validation role that SSL certificates perform. They are mathematical functions (referred to as a "hash") which, when performed, calculate a persistent and unique value for each file. So, for instance, the Word doc this text is stored in has a unique SHA-1 hash value. If I change a single part of this file – add an extra period somewhere, change a letter, etc. – it will produce a different SHA-1 hash value.
When a certificate is downloaded from a server to the client's browser, the browser computes a hash of it. Which hash is used (SHA-1, SHA-2, MD5, etc.) depends on how the certificate was signed. The hash calculated by the browser is compared to the hash value carried in the certificate's signature, which the Certificate Authority (CA) produced at the time of issuance. If they match, the identity of the certificate and server are verified.

When is this happening?

Google's policy involves three distinct steps, the first beginning on September 26th. On this date, only customers with SHA-1 signed certificates expiring in 2017 are affected. However, the set of affected certificates will expand in November, and again in Q1 2015. The full details on which certificates are affected are in the section below, "The Nitty Gritty."
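The check an administrator wants at this point is "which of my certificates are SHA-1 signed, and when do they expire?". The following is an added example, not part of the original post: it reads a PEM certificate with openssl and classifies it against the first stage of the timeline above (SHA-1 signed, expiring in 2017). The function names are mine, and only stage one is encoded because the later stages are not spelled out on this page; any other SHA-1 certificate is reported for review rather than declared safe.

```shell
# Added example (not from the original post): classify a PEM certificate against
# stage one of the SHA-1 sunset timeline described above.

# cert_sig_alg CERT.pem -> e.g. "sha1WithRSAEncryption" or "sha256WithRSAEncryption"
cert_sig_alg() {
  openssl x509 -noout -text -in "$1" | sed -n '/Signature Algorithm/{s/.*: *//;p;q;}'
}

# cert_expiry_year CERT.pem -> four-digit year taken from the notAfter field
cert_expiry_year() {
  openssl x509 -noout -enddate -in "$1" | awk '{print $4}'
}

# check_sha1_sunset CERT.pem
#   "ok (...)"          not SHA-1 signed, nothing to do
#   "sha1-stage1 (...)" SHA-1 signed and expiring in 2017: affected from 26 Sept 2014
#   "sha1-review (...)" SHA-1 signed with another expiry: check the November / Q1 2015
#                       expansions, and plan a SHA-2 reissue either way
# Exit status is 0 only for the "ok" case so the function can drive a fleet-wide report.
check_sha1_sunset() {
  alg=$(cert_sig_alg "$1")
  year=$(cert_expiry_year "$1")
  case "$alg" in
    *sha1*|*SHA1*) ;;
    *) echo "ok ($alg, expires $year)"; return 0 ;;
  esac
  if [ "$year" = 2017 ]; then
    echo "sha1-stage1 ($alg, expires $year)"
  else
    echo "sha1-review ($alg, expires $year)"
  fi
  return 1
}

# Usage: ./sha1check.sh /etc/ssl/certs/*.pem
for cert in "$@"; do
  printf '%s: ' "$cert"
  check_sha1_sunset "$cert"
done
```

The signature algorithm is the first "Signature Algorithm" line in the text dump, which is the one in the TBS certificate; the year is the fourth whitespace-separated field of openssl's "notAfter=Mon DD HH:MM:SS YYYY GMT" output.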

What certificates are affected?

Monday, September 29, 2014

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169)

Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
Update: 2014-09-29 05:00 UTC
Malware is circulating that exploits this vulnerability. For more details, see this article.
Update: 2014-09-26 05:15 UTC
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169.
Updated bash packages that address CVE-2014-7169 are now available for Red Hat Enterprise Linux 5, 6, and 7, Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support, and Shift_JIS for Red Hat Enterprise Linux 5 and 6. See also: Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) in Red Hat Enterprise Linux.

Diagnostic Steps

Red Hat Access Labs has provided a script to help confirm whether a system is patched against the Shellshock vulnerability. You can also manually test your version of Bash by running the following command:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
If the output of the above command contains a line containing only the word vulnerable you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.
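The one-liner above is fine interactively, but across a fleet you want it wrapped so that the result is a status code rather than eyeballed output. The following is an added example, not Red Hat's script: it runs exactly the advisory's test command against a given bash binary (default: the bash on PATH), prints patched, vulnerable or an error, and distinguishes "the test could not run" from "patched", so a missing or broken binary is never silently reported as safe. The function name and error handling are mine.

```shell
# Added example: scriptable wrapper around the advisory's test command.
# check_shellshock [path-to-bash] -> prints "patched", "vulnerable" or "error: ..."
#   exit status: 0 patched, 1 vulnerable, 2 the test could not be run
check_shellshock() {
  bash_bin="${1:-bash}"
  if ! command -v "$bash_bin" >/dev/null 2>&1; then
    echo "error: $bash_bin not found"
    return 2
  fi
  # The two environment variables are the advisory's test: a function-looking value
  # followed by a trailing command. A fixed bash ignores both and only runs "echo test".
  out=$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' \
        "$bash_bin" -c "echo test" 2>&1)
  # A line consisting only of the word "vulnerable" means the trailing command ran.
  if printf '%s\n' "$out" | grep -qx vulnerable; then
    echo vulnerable
    return 1
  fi
  # If "test" never appeared either, the binary did not behave like bash at all.
  if ! printf '%s\n' "$out" | grep -qx test; then
    echo "error: unexpected output from $bash_bin: $out"
    return 2
  fi
  echo patched
  return 0
}

# Usage: check the default bash; pass a path to check another installed copy.
check_shellshock
```

Run it under each bash present on the host (for example a second copy under /usr/local), since only the binary actually invoked by a service is the one that matters.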

Thursday, September 11, 2014

Java based Cross platform malware targeting Apache Tomcat servers in the wild


Java based backdoor malware targeting Apache Tomcat servers in the wild

Takashi Katsuki, a researcher at the antivirus firm Symantec, has discovered a new cyber attack ongoing in the wild, targeting the open-source Java application server Apache Tomcat with a cross-platform Java based backdoor that can be used to attack other machines.

The malware, dubbed "Java.Tomdep", differs from other server malware in that it is not written in the PHP scripting language. It is a Java based backdoor that acts as a Java Servlet and gives Apache Tomcat platforms malicious capabilities.

Because Java is a cross platform language, the affected platforms include Linux, Mac OS X, Solaris, and most supported versions of Windows. The malware was detected less than a month ago and so far the number of infected machines appears to be low.

You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn’t true. Servers can also be attacked. They are quite valuable targets, since they are usually high-performance computers and run 24x7.

The Java worm seeks out systems with Apache Tomcat installed and running, and then attempts to log in by brute-forcing the password with combinations of user names and passwords.

After installation, the malware servlet behaves like an IRC bot and is able to receive commands from an attacker. The malware is capable of uploading and downloading files from the system, creating new processes, updating itself, setting up a SOCKS proxy, and UDP flooding, i.e. it can take part in a massive DDoS attack.

Symantec has mentioned that the command-and-control servers have been traced to Taiwan and Luxembourg. In order to avoid this threat, ensure that your server and AV products are fully patched and updated.

Source: TheHackerNews.com

Thursday, July 3, 2014

BIG BANG !!!! JULY PROMO !!!!

We are very happy to announce some great deals on our products. We have launched one of the best security products from SITELOCK: Sitelock Website Security. This product is available in our web store icloudjunction.in

In addition to our current hosting products (Linux VPS, Linux Dedicated Servers, Shared Hosting servers), we are also offering our services and expertise in Windows VPS, Windows Dedicated Servers, Server Colocation, and Cloud Hosting from our TIER III Datacenters.


Currently Running Hot Promotions



Free Domain and Hosting Promo
To avail this promo, Purchase Single Domain Lin/Win Hosting on INDIA/US Datacenter. It's a great deal of this month. Represent your country with your Domain. #HappyOfferings #HappySelling #INDIA #US #Domain #Hosting Feel Free to Contact Us. Log on to www.icloudjunction.in.

.CLUB for Lowest Price

Great offer of this month on www.icloudjunction.in. BOOK your .CLUB and ensure your club's online presence. Offer is valid for limited period.



Tuesday, June 3, 2014

How to Install SSL Certificate using WHM/CPanel

Once you have reached the installation screen in WHM/cPanel, you will need to fill in the correct information in each of the following areas.
Step 1 : In the first box, you will need to paste your domain / site certificate from the zip file that you received from Positive SSL.
Step 2 : Fill in the required domain / user / IP address information.
Step 3 : In the middle box, you will need to paste the RSA private key that was generated together with the CSR you sent to Comodo to have your certificate issued.

Step 4 : In the bottom box, you will need to paste the correct PositiveSSL bundle file for your certificate (which you can download from our support section; it was also sent to you in the zip file as XXXXXX-ca-bundle).

(this is the combined AddTrustUTNServerCA and PositiveSSLCA files supplied in the zip file that was sent to you and is also available from the support section of the website.)
Step 5 : Press the "Do it" button

The SSL certificate is now added to your server and assigned to the domain.

Source : Comodo
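The most common reason the "Do it" step fails is pasting pieces that do not belong together: a key from an earlier CSR, or a bundle for a different CA chain. The following is an added example, not part of the Comodo instructions: three openssl checks that confirm, before anything is pasted into WHM, that the certificate (step 1), the private key (step 3) and the CA bundle (step 4) match each other. The function names are mine; the commands are standard openssl.

```shell
# Added example (not from the Comodo instructions): pre-flight the three files
# before pasting them into the WHM SSL installation screen.

# key_matches_cert CERT.pem KEY.pem -> exit 0 when the public half of the private key
# equals the public key embedded in the certificate (works for RSA and EC keys alike)
key_matches_cert() {
  cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 2
  key_pub=$(openssl pkey -pubout -in "$2") || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# bundle_verifies BUNDLE.pem CERT.pem -> exit 0 when the chain in the bundle (the
# *-ca-bundle file from the zip, intermediates plus root) leads from the certificate
# to a root contained in that bundle
bundle_verifies() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# preflight CERT.pem KEY.pem BUNDLE.pem -> one line per check; exit 0 only if all pass
preflight() {
  status=0
  if key_matches_cert "$1" "$2"; then
    echo "key/cert: match"
  else
    echo "key/cert: MISMATCH (wrong key, or key from a different CSR)"
    status=1
  fi
  if bundle_verifies "$3" "$1"; then
    echo "bundle: chain verifies"
  else
    echo "bundle: does NOT verify (wrong bundle, or certificate not issued from it)"
    status=1
  fi
  return $status
}

# Usage: preflight example_com.crt example_com.key XXXXXX-ca-bundle
```

If the bundle you were sent contains only intermediates and no root, `openssl verify` will report an "unable to get issuer certificate" error; in that case pass the intermediates with `-untrusted` and the root via `-CAfile` instead.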

Sunday, May 25, 2014

DDoS attacks using SNMP amplification on the rise !

Attackers are increasingly abusing devices configured to publicly reply to SNMP (Simple Network Management Protocol) requests over the internet to amplify distributed denial-of-service attacks.

This amplification technique, also known as reflection, can in principle work with any protocol that is vulnerable to IP (Internet Protocol) address spoofing and can generate large responses to significantly smaller queries. Attackers craft requests that appear to originate from the IP address of their intended victim in order to trick servers that accept requests over such protocols from the internet into flooding the victim with data.

Many DDoS attacks within the past year have used misconfigured DNS (Domain Name System) and NTP (Network Time Protocol) servers for amplification. However, devices that support SNMP, a protocol designed to allow the monitoring of network-attached devices by querying information about their configuration, may also be abused if the SNMP service is directly exposed to the internet. SNMP-enabled devices with such configurations are often found in both home and business environments and include printers, switches, firewalls and routers.
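The defensive counterpart of what the article describes is spotting the asymmetry on the wire: at the victim's network edge, reflected SNMP replies (UDP source port 161) arrive for a host that sent few or no SNMP queries, so the reply-to-query byte ratio is far beyond anything a real poller produces. The following is an added example, not part of the original article: a byte-asymmetry check over flow records. The record format (src sport dst dport bytes) and the sample flows are constructed for this example, and the function names are mine.

```shell
# Added example (not from the original article): flag hosts receiving SNMP reply
# traffic out of proportion to the SNMP queries they sent.

# Constructed sample records: src sport dst dport bytes
# 198.51.100.7 receives large replies from three "reflectors" but never queried them;
# 192.0.2.10 is a legitimate poller whose replies are about 3x its queries.
sample_flows() {
  cat <<'EOF'
203.0.113.5 161 198.51.100.7 51234 1400
203.0.113.6 161 198.51.100.7 51234 1380
203.0.113.7 161 198.51.100.7 51234 1420
203.0.113.5 161 198.51.100.7 51234 1400
192.0.2.10 40000 10.0.0.3 161 60
10.0.0.3 161 192.0.2.10 40000 180
EOF
}

# detect_snmp_amplification [RATIO] < flows
# Prints one line per host whose received SNMP reply bytes exceed RATIO times the
# bytes it sent as SNMP queries (default 10), or that sent no SNMP queries at all.
detect_snmp_amplification() {
  awk -v threshold="${1:-10}" '
    $2 == 161 { reply[$3] += $5 }      # reply from an SNMP agent to host $3
    $4 == 161 { query[$1] += $5 }      # query from host $1 to an SNMP agent
    END {
      for (h in reply) {
        q = (h in query) ? query[h] : 0
        if (q == 0)
          printf "%s reply_bytes=%d query_bytes=0 ratio=inf\n", h, reply[h]
        else if (reply[h] / q > threshold)
          printf "%s reply_bytes=%d query_bytes=%d ratio=%.1f\n", h, reply[h], q, reply[h] / q
      }
    }'
}

# Usage: sample_flows | detect_snmp_amplification
```

On real data the same logic applies to any exported flow format once the five fields are projected out; the threshold only needs to sit above the reply/query ratio of your own monitoring hosts, which for normal SNMP GET traffic is in the low single digits.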

What is DDoS denial of service?

What everyone needs to know about DDos?

DDoS stands for Distributed Denial of Service. A malicious hacker uses a DDoS attack to make a computer resource (i.e. a website, application, e-mail, voicemail, or network) stop responding to legitimate users. The malicious hacker does this by commanding a fleet of remotely controlled computers to send a flood of network traffic to the target. The target becomes so busy dealing with the attacker's requests that it doesn't have time to reply to legitimate users' requests, which can cause the target system to stop responding, resulting in long delays and outages.

What is a distributed attack?

One DDoSer can do a lot of damage. These denial of service attacks are called distributed because they come from many computers at once. A DDoSer controls a large number of computers that have been infected by a Trojan virus. The virus is a small application that allows remote command-and-control of the computer without the user's knowledge.

What is a zombie and a botnet?

The virus-infected computers are called zombies, because they do whatever the DDoSer commands them to do. A large group of zombie computers is called a robot network, or botnet.

Tuesday, May 20, 2014

The Benefits of Acunetix WVS AcuSensor


Acunetix AcuSensor Technology is a new security technology that allows you to identify more vulnerabilities than a traditional Web Application Scanner, whilst generating less false positives. In addition it indicates exactly where in your code the vulnerability is and reports also debug information.

The increased accuracy is achieved by combining black box scanning techniques with feedback from sensors placed inside the source code while the source code is executed. Black box scanning does not know how the application reacts and source code analyzers do not understand how the application will behave while it is being attacked. Therefore combining these techniques together achieves more relevant results than using source code analyzers and black box scanning independently.
AcuSensor Technology does not require .NET source code; it can be injected in already compiled .NET applications! Thus there is no need to install a compiler or obtain the web applications’ source code, which is a big advantage when using a third party .NET application. In case of PHP web applications, the source is already available.
To date, Acunetix is the leading and only Web Vulnerability Scanner to implement this technology.

Advantages of Using Acunetix AcuSensor Technology

  1. Allows you to locate and fix the vulnerability faster because of the ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
  2. We can significantly reduce false positives when scanning a website because we can internally understand the behavior of the web application better.
  3. Can alert you of web application configuration problems which could result in a vulnerable application or expose internal application details. E.g. If ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
  4. Detect many more SQL injection vulnerabilities. Previously SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques.
  5. Ability to detect SQL Injection vulnerabilities in all SQL statements, including in SQL INSERT statements. With a black box scanner such SQL injections vulnerabilities cannot be found.
  6. Ability to know about all the files present and accessible through the web server. If an attacker gains access to the website and creates a backdoor file in the application directory, the file will be found and scanned when using the AcuSensor Technology and you will be alerted.
  7. AcuSensor Technology is able to intercept all web application inputs and builds a comprehensive list with all possible inputs in the website and tests them.
  8. No need to write URL rewrite rules when scanning web applications which use search engine friendly URLs! Using AcuSensor Technology the scanner is able to rewrite SEO URLs on the fly.
  9. Ability to test for arbitrary file creation and deletion vulnerabilities. E.g. Through a vulnerable script a malicious user can create a file in the web application directory and execute it to gain privileged access, or delete sensitive web application files.
  10. Ability to test for email injection. E.g. A malicious user may append additional information such as a list of recipients or additional information to the message body to a vulnerable web form, to spam a large number of recipients anonymously.

How it Works

When AcuSensor Technology is used, it communicates with the web server to find out about the web application configuration and the web application platform (such as PHP and .NET) configuration. Once triggered from the Acunetix WVS scanner, the sensor gets a listing of all the files present in the web application directory, even of those which are not linked to through the website. It also gathers a list of all the web application inputs. Since it knows what kind of inputs the application expects, it can launch a broader range of tests against the application.
Screenshot 1 - AcuSensor Technology Functionality Diagram
It also has the ability to scan all SQL transactions taking place between the web application and the database while the web application is being scanned. It hooks between the web application and the database and is able to trace SQL injection vulnerabilities in the code without relying on database errors as other typical scanners do.

AcuSensor Technology Vulnerability Reporting

Unlike other vulnerabilities found by typical scans, a vulnerability reported from the AcuSensor Technology contains much more detailed information. As seen in the examples below, it can contain details such as source code line number, stack trace, affected SQL query etc. Each vulnerability found by AcuSensor Technology, will be marked with ‘(AS)’ in the title.

Example 1: SQL Injection Reported by Acunetix AcuSensor Technology

For the reported SQL injection featured in the screenshot below, the SQL query, including the injected content that results in the SQL injection vulnerability, is shown. The stack trace information is also displayed, to guide the developer to where exactly the problem is.
Screenshot 2 - SQL Injection Reported by AcuSensor Technology

Example 2: Code Injection Reported by Acunetix AcuSensor Technology

For the reported PHP code injection featured in the screenshot below, the vulnerable file name is displayed including the line number of the code which leads to the reported vulnerability. The injected code is also displayed under ‘Attack details’.
Screenshot 3 - PHP Code Injection Reported by AcuSensor Technology

Conclusion

As seen above, using the AcuSensor Technology has many advantages. Apart from the above mentioned advantages, information provided by the AcuSensor Technology helps the developer trace vulnerabilities and fix them in a much shorter time. It also helps them understand what was wrong in the code to allow such vulnerabilities to happen. From this, developers proactively learn more about vulnerabilities and it helps them in writing more secure code for future web applications and increases web security awareness.

Source : Acunetix