By Amol Bharti on April 23, 2010
Antivirus programs are supposed to protect you, but that’s not what happened to countless Windows users on Wednesday. McAfee added detection for variants of the W32/Wecorl.a family of malware to DAT file 5958 on 21st April 2010. This detection caused a false positive that flagged the svchost.exe Windows system file as malicious.
Posted in Avarice News Makers, Network System Security | Tagged 21st april failures, antivirus failure, caused False Positive, dat file 5958, family of malware, Flawed, McAfee, Signature, w32/Wecorl.a
By Amol Bharti on March 17, 2010
India has a tax-paying population of 31.5 million, and the number is expected to increase significantly in the coming years. Given that number, there is no doubt that similar phishing attacks will happen in the future. All we need is security awareness about online scams and attention to our online identities.
Posted in Avarice News Makers, News & Media | Tagged attack, cyber crime, identity protection law india, income tax department, india, online phishing scam, phishing, scam revealed
By Amol Bharti on February 10, 2010
Can a screensaver be exploited to gain access to your Linux GNOME desktop? Strangely, yes. This vulnerability applies to Ubuntu 9.10 and the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Posted in Vulnerabilities | Tagged access control measures, crashing, gain access, screensaver exploit, ubuntu 9.10, unauthorized access, upgrade linux gnome, upgrade ubuntu, vulnerabilities
By Amol Bharti on January 25, 2010
This short blog post gives an overview of how security in SAP BW, Enterprise Portal and SAP HR differs from SAP R/3 security.
Posted in SAP Security | Tagged difference, Enterprise Portal Security, EP, how R/3 differs from SAP BW, HR, R/3 security is different, SAP BW Security
By Amol Bharti on January 21, 2010
All spool requests created after 2009/12/23 with a deletion date exceeding 2010/01/01 are wrongly Y2K’ed as 2099/12/31 or 2100/01/01, regardless of the retention period specified during creation. These spool requests will not be deleted if the spool reorg job RSPO0041 or RSPO1041 is executed with a variant that selects requests according to their deletion date, and [...]
Posted in SAP Security | Tagged 2100/01/01, Deletion date, expiry date, SP01, spool full, spool overflow
By Amol Bharti on January 4, 2010
PortQry is a TCP/IP connectivity testing and troubleshooting utility that is included with the Microsoft Windows Server 2003 Support Tools. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer.
Posted in Network System Security | Tagged Acceleration Server troubleshooting, alternative to Ping, DNS, Domain Name System, Internet Security, ISA, ldap, Lightweight Directory Access Protocol, NetBIOS Name Service, portqry, PortQry troubleshooting, PortQry.exe, protocols, Remote Procedure Calls, RPC, SNMP, Telnet, tracert, Troubleshooting GRC
By Amol Bharti on December 31, 2009
This blog lists some of the most important and highly recommended SAP Security Notes. Please consult a security expert or a Basis specialist before implementing these security notes.
Posted in SAP Security | Tagged abap, blind sql, Cross Site Scripting, forensic security, missing authorizations, Netweaver, obsolete code, portal security, r/3, SAP Security, SQLi, xss
By Amol Bharti on December 19, 2009
A new user interface for monitoring the operating system environment has been introduced by SAP; in my opinion, it’s way better than ST06 or OS07.
Posted in SAP Basis | Tagged best practices, new applications, SAP Basis, sap basis tutorial, short blog, tips, tricks
By Amol Bharti on December 11, 2009
Wow, another fantastic year is about to be over and it’s the festive season again. I’d like to take this opportunity to wish everyone a very happy holiday and a good 2010. This blog post is dedicated to my favorite Flash authoring application Swish Max3 and miniMax3. If you are looking for some great templates and [...]
Posted in My Epitomization | Tagged 2010, favorite blogs, forum posts, Happy New Year, Swish Max3, Swish MiniMax3, swishzone, tutorials, X-mas 2009
By Amol Bharti on December 10, 2009
If you have Firefox and xulrunner installed on Ubuntu Linux, now is the time to update the packages. Check out the insights on the vulnerability and the recommendations for patching your system.
Posted in Vulnerabilities | Tagged advisories, browser engine bug, firefox, firefox flaws and security breach, linux flaws, recommendations, security advisory, security vulnerability, ubuntu, vulnerabilities
By Amol Bharti on November 27, 2009
Here are a few guidelines for an effective SAP Portal implementation. Stay tuned for the amudee.com security series; there is a lot more to come.
Posted in SAP Security | Tagged 0 day exploit, codergeek82, Collaboration Security, exploiting SAP Portal with Google hacking., GRC Security, Hacking SAP Portal, Knoweledge Management, Portal vulnerability, SAP Enterprise Portal Security, SAP Portal Security Guidelines, Secure your SAP Portal, zero day
By Amol Bharti on November 27, 2009
During an SAP Portal Security review, I came across a scenario where the HttpOnly flag on the session cookie was not set. Please check out the recommendation given in this short blog.
Posted in SAP Security | Tagged ethical hacker india, httponly flag in cookie not set, recommendations, sap hacker, sap portal security, SAP Security
By Amol Bharti on November 26, 2009
In my earlier blog, I had promised to cover some of the most critical security issues that you may face sooner or later. So here are some pointers for you to re-evaluate your SAP Portal implementation and fix the significant issues before someone else breaks in. Here is a POC with some snapshots.
Posted in SAP Security | Tagged 0 day exploit, codergeek82, Collaboration Security, exploiting SAP Portal with Google hacking., GRC Security, Hacking SAP Portal, Knoweledge Management, Portal vulnerability, SAP Enterprise Portal Security, Secure your SAP Portal, zero day
By Amol Bharti on November 26, 2009
In this series of blogs, I will be focusing more on core SAP security, Portal, Netweaver and some other topics like XSS, so keep watching this space.
Posted in SAP Security | Tagged 0day exploits, back door access, CA, ethical hacker india, forensic, hacking sap, NASA vulnerabilities reported, sap, sap portal vulnerabilities, SAP Security, white hat hackers, zero day
Response to Bill and Jim’s Open letter
By Amol Bharti on March 14, 2010
Amol Bharti’s response to a blog post “Open letter to SAP Customers from SAP’s Co-CEOS Jim Hagemann Snabe and Bill McDermott”
Posted in My Epitomization | Tagged Bill McDermott, comments, feedback, Jim Hagemann Snabe, response, response to bill and jim, sap open letter, social media