Currently viewing the category: "Information Security"

vTiger Customizations – Part 5 – Implementing User Account Lockout in vTiger CRM

By On March 17, 2011 · Leave a Comment · In CRM, Development, General, Information Security, vtiger CRM

This is a continuation of a Part 4 – Implementing User Account Lockout in the Customer Portal, regarding implementing account lockout in the Customer Portal.  Now, I’ll go through how to do this in the vTiger CRM application.

PLEASE [...]

Continue Reading

vTiger Customizations – Part 4 – Implementing User Account Lockout in the Customer Portal

By On February 16, 2011 · Leave a Comment · In CRM, Development, General, Information Security, vtiger CRM

I submitted the updates to the Trac site for vTiger as diff updates to the vtigercrm 5.2.1 code, which might be easier to use to update the code.

The current version of the vTiger Customer Portal (5.2.0) is susceptible to a brute force attack in that it doesn’t enforce strong passwords of Customer [...]

Continue Reading

Implementing uPnP on multiple segments via MiniUPnPd

By On December 14, 2010 · Leave a Comment · In DD-WRT, General, Information Security

In a previous post, I outlined how to segment each port of an ASUS RT-N16. Now, I’ll go over the details of implementing uPnP on one or more segments.

First off, autobot on the DD-WRT forums posted the code and binary for MiniUPnPd (link).  The script and binary provided are great.  [...]

Continue Reading

Segmenting your network on an ASUS RT-N16 using DD-WRT

By On November 5, 2010 · 5 Comments · In DD-WRT, General, Information Security, Wireless Security

DD-WRT is really amazing in all that it can do.  I have grown much more fond of it overtime.  Recently, I decided that I wanted to completely segment my home network.  I wanted to have multiple networks (some trusted, others completely untrusted) that could be configured through a single device.  At first, one [...]

Continue Reading

vTiger Customizations – Part 3 – Enforcing strong passwords in the Customer Portal

By On October 14, 2010 · Leave a Comment · In CRM, Development, General, Information Security, vtiger CRM

This is a continuation from Part 2 – Enforcing strong passwords in vTiger.

I submitted the updates to the Trac site for vTiger as diff updates to the 5.2.0 code, which might be easier to use to update the code.

Implementing the enforcement of strong passwords in the vTiger Customer Portal [...]

Continue Reading

vTiger Customizations – Part 2 – Enforcing strong passwords

By On October 1, 2010 · 6 Comments · In CRM, Development, General, Information Security, vtiger CRM

UPDATE 10/5/2010: I submitted the updates to the Trac site for vTiger as diff updates to the 5.2.0 RC code, which might be easier to use to update the code.

One of the things that really bothers me is that there are no built-in password restrictions for users in vTiger. That means if [...]

Continue Reading

vTiger Customizations – Part 1: Hashing passwords in the vTiger Customer Portal

By On August 25, 2010 · 1 Comment · In CRM, Development, General, Information Security, vtiger CRM

UPDATE 9/8/2010: I submitted the updates to the Trac site for vTiger as diff updates to the 5.2.0 RC code, which might be easier to use to update the code.

I preface this post with the title Part 1 in the subject, because I plan to post more information on customizations to vTiger [...]

Continue Reading

Breaking the “encryption algorithm” for Microsoft Dynamics GP – Dexterity Encryption

By On May 21, 2010 · 10 Comments · In Dynamics GP, General, Information Security

FULL DISCLOSURE – I HAVE UPDATED THE ORIGINAL POST AND HAVE ADDED COMMENTS IN ITALIC AND RETRACTED OTHERS WITH A STRIKETHROUGH

I use the term “encryption” loosely in this article. As you read on, you’ll realize why…

I’ve been doing some work on a plugin for Microsoft Dynamics GP, which is an accounting [...]

Continue Reading

Reading a user’s web history via CSS

By On May 19, 2010 · Leave a Comment · In General, Information Security, Internet Privacy

Slashdot ran an interesting story titled: “76% Web Users Affected by Browser History Stealing“. NoScript alone can’t save you from this one. The truly amazing part is that it’s been around for 10 years and it’s STILL a known problem with modern web browsers.

There’s a great proof-of-concept site

Continue Reading

The Wireless Pineapple – Karma on the FON with Jasager

By On May 3, 2010 · Leave a Comment · In Information Security, Wireless Security

After many episodes featuring the wireless pineapple on Hak5, I decide that it is time to get one and try it out (I’m way late getting to this one – about 4 years late). I actually won 2 auctions for the FON on EBay so I bought 2 of them.

Anyway, I was [...]

Continue Reading
Set your Twitter account name in your settings to use the TwitterBar Section.