The Basic Authentication scheme uses the username and password and encrypts the password using base64 encoding. In spite of this, there are still many security holes in the Basic Authentication scheme. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text format across the network. Hence, any attacker listening with a packet sniffer can easily read the username and password in plain text format. The username and password are passed with every request not just when the user first types them, so the packet sniffer need not listen at any particular time, but just long enough to observe any single request coming across the wire. Besides, the encryption used in the authentication is also very insecure and can be easily decoded.

Explore More

Critical XSS Vulnerability in http://shwephonecard.com registered parent company is “MMM Network L.L.C.”

PlanetCreator.Net’s Security Team Member Info Freakzz <infofreakzzz(at)gmail.com> has reported another critical XSS vulnerability on http://www.shwephonecard.com  registered parent company is “MMM Network L.L.C.” These are some information from Vulneral Site http://www.shwephonecard.com:

Read More

BackTrack 5 Release

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and

Read More

Plecost: WordPress finger printer tool

Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in WordPress systems. It can analyze a single URL or perform an analysis based on the

Read More