Posts

Social Engineering Attack

Introduction

Simply put, social engineering is the process of changing people's mindsets by being friendly in order to obtain confidential, private information and execute an attack. Protecting systems with sophisticated hardware and software is not easy; security professionals should focus on the weaknesses of employees and educate them in order to protect systems from such attacks.

Common Patterns

Social engineering attacks involve 4 common patterns.

1. Collect information about the target.
2. Build trust with the target.
3. Exploit the information and execute the attack.
4. Quit without leaving any proof.

Importance of attack prevention

Social engineering attacks are increasing rapidly, and cybercriminals have a high chance of obtaining valuable and sensitive organizational information. It is the most powerful attack that cybercriminals use when they cannot find vulnerabilities in software and hardware systems. Phishing is the most...
Recent posts

Things you should know before purchasing a lottery ticket

You may already be someone who buys lottery tickets. Or you may be someone trying to find out whether lottery tickets are genuine or not. My aim is for this to be a worthwhile read for you. Buying tickets is gambling. It is legal gambling. Becoming addicted to gambling is not a wise thing to do. But if you are someone who buys tickets daily, these remarks will make it easier for you to buy a ticket.

In Sri Lanka there are mainly 3 types of tickets.

1. Tickets with a prize draw
2. Instant (scratch) win lottery tickets
3. Lotto-type tickets

First, let us discuss lottery tickets with a prize draw. These can also be divided mainly into two categories.

1. Lottery tickets with small jackpots.

Lottery tickets with small jackpots are those with a higher probability of winning. This is usually determined primarily by the number of balls drawn. As you know, the chance of picking a number out of 5 numbers is higher than the chance of picking a number out of 10. This directly affects lottery draws. An example...

WSO2 Identity Server use as an authorization server

This blog is for developers who need to use WSO2 IS as an authorization server. As an example, I'm going to use WSO2 Identity Server to demonstrate this use case.

Step 1 :- Check out a sample application from this[1] git location and build it. Take the .war file that is created inside the <SAMPLE_HOME>/oauth2/playground2/target directory and deploy it on a Tomcat server (it must be deployed on Tomcat 7.x). Build and deployment details are available in this document[2].

Step 2 :- Download WSO2 Identity Server from this link[1] and create a service provider for the sample application. When you create a service provider, you need to add the service provider name first and click the Register button. Once you have created a service provider, you need to configure the callback URL for the particular application. Click the Configure link under OAuth/OpenID Connect Configuration...

How to debug WSO2 Carbon products with Eclipse

When you are making customizations, you may have to debug the custom code. I'm going to give you the steps to start debugging with Eclipse.

Step 1 :- First you need to start the product with the command below.

sh wso2server.sh -debug 5005

When you start the server with the above command, the server listens on port 5005.

Step 2 :- Open the debug configuration window and create a new Remote Java Application. Keep the host as localhost and give the port that you used in the first step. After making these changes, you can start debugging by clicking the Debug button in the Debug Configuration window. If you configured it correctly, the server will start without any problem.

Configure mysql database with WSO2 Identity Server

One of the main uses of Identity Server is user management. It gives us a lot of features. A list of features is available on this page. Some of them are:

Multiple user store support
User, password and profile management
JDBC, LDAP/AD support

The default user store of Identity Server is the embedded LDAP, and it is a forked implementation of ApacheDS. Other configuration data and the registry are held in an H2 database. The embedded LDAP and H2 database are not recommended in a production environment, so we have to use commercially available databases/LDAP implementations for production. Today I'm going to explain how to use a MySQL database with Identity Server. We can do it in a few steps.

Step 1 :- Disable the embedded LDAP property in the embedded-ldap.xml file, which is located in <IS_HOME>/repository/conf/identity/

<Property name="enable">false</Property>

Step 2 :- Create a database and generate the required tables using the provided sql file...

Logging parameters in WSO2 ESB Script mediator

The Script mediator is helpful in many ways, and it can be written in different scripting languages such as JavaScript, Groovy and Ruby. I'm going to use JavaScript for this example. I'm going to show you how to log values when you are writing a mediator. This is helpful when you need to log values while writing complex script mediators.

This is a sample script

<script language="js">
    var log = mc.getServiceLog();
    log.info("started");
    var temp_auth = mc.getProperty('authheader');
    log.info("temp_auth : " + temp_auth);
    log.info("out");
</script>

When you define the variable "var log = mc.getServiceLog();", you can use the log object to display values as below.

log.info("started");
log.info("temp_auth : " + temp_auth);

This is a sample proxy service

<?xml version= "1.0" encod...

How to Create a Secondary JDBC user store for Identity Server

WSO2 Identity Server comes with an embedded LDAP as its primary user store, but it is not recommended for use in a production environment. So you have to use some other product for the primary user store (OpenLDAP, AD, JDBC, etc.). You may also need another user store in practical scenarios. So I'm going to talk about how to create a JDBC user store as a secondary user store with WSO2 IS. I'm using the latest version of WSO2 Identity Server (the current Identity Server version is 5.1.0) for this example.

Step 1 :- Log in to MySQL using the command below. Let's create a database first.

mysql -u root -proot

Create a database as below.

create database sampledb;

Use the newly created database for the other operations, with the command below.

use sampledb;

Step 2 :- Then create the tables that are required for the user store. You can use the mysql.sql file, which is located in the <IS_HOME>/dbscripts/ directory, to import the tables into the newly created database. Use this command:

source /home/madura/D...