Archive | Security

Security is not a feature; it’s a process. Notes on issues, patches and essays on security.

DLSLUG, October 5th, 7 PM: Protecting a Windows Server with a $50 Linux Box from Staples

Bill McGonigle announces Thursday's Dartmouth-Lake Sunapee Linux User Group: “Protecting a Windows Server with a $50 Linux Box from Staples” presented by Lloyd Kvam:

“Lloyd will talk about OpenWRT, the open source Linux distribution that targets small routers such as the Linksys WRT54GL. He recently used one to make a bridging firewall, where a Windows computer needed protection, but there was no access to the router.”

“Lloyd will talk about hardware organization, installing packages, the layout of the default configuration, and how to customize the routing and firewall operations… Lloyd works at software development, preferably in Python.”

Should be a fun meeting. Hope to see you there!

Yet another ActiveX control exploit for IE

SANS Internet Storm Center weekend monitor is reporting “WebViewFolderIcon ActiveX control exploit(s) in the wild, (Sat, Sep 30th). Rise and shine. This vulnerability is being actively exploited in the wild …”

If you must run IE, restrict ActiveX controls to the highest level possible. And use a safer browser, like Firefox or SeaMonkey or Opera or Konqueror or Camino or Safari, for all those web sites that don't require you to use IE.

Exploits, exploits and exploits!

I don't intend this blog to be a security blog; that's a full time job better served by others. However, you ought to be alert to what's going on out there:

MS “re-released” MS06-049 as version 2.0 (new and improved!) to patch NTFS file compression on Windows 2000 SP4.

The Internet Storm Center is reporting yet another Internet Explorer exploit, taking advantage of a bug in an ActiveX control.

The ISC is also pointing to reports of an exploit packaged in a PowerPoint file. I may have mentioned it before: Do not open attachments from untrusted sources and… there are no trusted sources. I wouldn't advise anyone to open a PowerPoint until they are sure their anti-virus scanners have been updated and clear the file. Better yet, open it in OpenOffice.org. Better yet… imagine a day with no PowerPoint. Wow.

Microsoft issues patch for Zero-Day VML exploit on Day Eight

Slashdot is noting that Microsoft Patches VML Vulnerability. “Microsoft has quietly released an official patch for the zero-day VML vulnerability. The patch was publicly available yesterday, but Microsoft has just added it to the Security Bulletin Index. Eight days from time of first report to patch is pretty fast for Microsoft, and is almost two weeks ahead of their normal patch schedule. This security flaw was being aggressively exploited out in the wild.”

For Microsoft to break their usual once-a-month patch cycle is pretty unusual, so I'd consider this patch sooner rather than later. Get patching!

HP Board of Directors spying case just keeps getting worse…

GrokLaw is reporting “HP Spying More Extensive: Who Knew and When. We begin to learn now who knew and when, in an article in the Washington Post. They did broad background checks on their targets, but also on relatives of their targets. They tried to recover a stolen Keyworth laptop, so they could examine it. They targeted and sought phone records and fax records of relatives, like wives, of board members and reporters too. They got the records for 240 of 300 phone numbers they went after. The spyware sent to the reporter at CNET was not just to track email forwarding. It was keylogging software.”

And HP sells a server line called Integrity. This is disgraceful behavior.

MerriLUG September 2006: File Carving at Home or Office

On the GNHLUG-Announce list, Jim Kuzdrall announces the September MerriLUG meeting, “File Carving at Home or Office”:

  • Who : Andy Bair, Winning Team, 2006 File Carving Challenge
  • What : Unscramble randomized data sectors or packets back to files
  • Where: Martha's Exchange
  • Day : Thur 21 September **Next Week**
  • Time : 6:00 PM for grub, 7:30 PM for discussion

    :: Overview

    Want to undelete some Linux disk files? Piece together fragments of a deleted file? Recover a Windows disk where both FATs are destroyed or missing? Extract files from a network capture? MerriLUG presents Andy Bair with a new and effective approach to file carving that could be used to accomplish these tasks.

    Andy Bair (and teammates Klayton Monroe and Jay Smith) won the 2006 File Carving Challenge. The winners developed new tools and techniques which accurately extracted files from a 50MB disk image containing JPEG, ZIP, HTML, Text, and Microsoft Office files.

    Andy's talk will explain the contest, contest data sample, methodology, and tools. There will be examples and a question-and-answer session. You might want to build a script to automate his method for your purposes (or entice him to do so). Get contest information at http://www.dfrws.org/2006/challenge/. Get a preview of the team's methodology, updated results and additional information at http://www.korelogic.com/Resources/Projects/dfrws_challenge_2006/.

    >>> RSVP to Jim Kuzdrall for dinner to assure adequate seating.
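To make the "file carving" in the announcement concrete, here is a minimal header/footer carver written for this page as an added example; it is not the contest team's tooling and has nothing to do with their methodology. It scans a raw image sector by sector for known file signatures (the JPEG and HTML magic values are real; the sector size, size limits and the toy disk image are constructed) and shows the basic failure mode that the contest was about: a header with no matching footer, or a fragmented file, is something a naive carver cannot recover.

```python
"""Minimal signature-based file carver (added example, not the contest team's code)."""

SECTOR = 512  # assumed sector size for the toy image

# kind -> (header magic, footer magic, maximum size to search for the footer)
# JPEG and HTML magic values are real; the size caps are assumptions.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 4 * 1024 * 1024),
    "html": (b"<html", b"</html>", 1024 * 1024),
}


def carve(image: bytes, signatures=SIGNATURES, sector=SECTOR):
    """Walk the image one sector at a time; when a sector starts with a known
    header, search forward (within the size cap) for the matching footer.
    Returns a list of (kind, start_offset, carved_bytes)."""
    results = []
    for offset in range(0, len(image), sector):
        chunk = image[offset:offset + sector]
        for kind, (header, footer, max_size) in signatures.items():
            if not chunk.startswith(header):
                continue
            window = image[offset:offset + max_size]
            end = window.find(footer, len(header))
            if end == -1:
                # Header with no footer in range: truncated or fragmented.
                # A naive carver has to skip it; this is the hard case the
                # contest addressed.
                continue
            end += len(footer)
            results.append((kind, offset, window[:end]))
    return results


def build_sample_image() -> bytes:
    """Construct a toy disk image (not contest data): empty sectors, a
    JPEG-like blob spanning two sectors, an HTML file, and a stray JPEG
    header with no footer."""
    def pad(data: bytes) -> bytes:
        return data + b"\x00" * (-len(data) % SECTOR)

    filler = b"\x00" * SECTOR
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-body-bytes" * 40 + b"\xff\xd9"
    html = b"<html><body>carve me</body></html>"
    stray_header = b"\xff\xd8\xff\xe0 truncated, no footer"
    return filler + pad(jpeg) + filler * 2 + pad(html) + filler + pad(stray_header) + filler


if __name__ == "__main__":
    for kind, offset, data in carve(build_sample_image()):
        print(f"{kind:5s} at sector {offset // SECTOR:4d}, {len(data)} bytes")
```

Real carvers add per-format validation (for JPEG, walking the marker segments rather than trusting the first `FF D9`), because footer bytes can occur inside unrelated data; the sector-aligned scan here also misses files that do not start on a sector boundary, such as those inside a network capture.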

BFD Brute Force Detection vs. script kiddies

Tired of the abuse I'm getting on one of the servers exposed to the Internet, I've installed APF, the Advanced Policy Firewall, and BFD, Brute Force Detection on the machine. Webhostgear.com has easy-to-follow installation instructions for APF and BFD respectively.

While plain vanilla iptables was enough to protect the machine from most routine attacks, incessant attempts at logging in to a couple of well-known services on well-known ports were filling the logs and consuming an extraordinary amount of bandwidth. Now, a script kiddie attempting 13,000 logins will find the machine no longer responding on that IP address.

Interesting technology. BFD uses a script run as a timed job to parse logs, pick up repeats, and ban them by scripting a command line and submitting it to APF. APF also uses the excellent DShield.org list of known problematic machines and networks. Very cool. While BFD comes with a set of scripts to parse common exploits, it didn't have one for my ftp server. I'm not sure I've grokked what's needed to set up my own script of rules, but as I couldn't find one on Google, I'll give it a shot, and share my results back to the community once I've got it working.
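The BFD idea described above, as an added example written for this page rather than BFD's own rule format or code: parse a window of log lines, count failed logins per source address, skip addresses on a trusted list (so a mistyped admin password never locks you out), and emit the deny command you would hand to APF. The log lines are constructed in a generic ftpd-like format (an assumption, not any particular daemon's output), the trusted network is an assumption, and the `apf -d HOST COMMENT` deny syntax is assumed; check both against your own logs and APF install before wiring this into cron.

```python
"""BFD-style repeat-offender detection for a log file (added example, not BFD's code)."""
import ipaddress
import re
from collections import Counter

# Constructed ftpd-like failure line; adjust the pattern to your daemon's real format.
FAIL_RE = re.compile(r'ftpd\[\d+\]: FAIL LOGIN: Client "(?P<ip>[\d.]+)"')

# Assumption: addresses that must never be banned (your own admin hosts).
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]


def count_failures(lines, pattern=FAIL_RE) -> Counter:
    """Count failed-login lines per source IP; successes and noise are ignored."""
    counts = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)


def offenders(counts: Counter, threshold: int):
    """Addresses at or over the threshold, minus the trusted list, sorted."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and not is_trusted(ip))


def ban_commands(counts: Counter, threshold: int, service: str = "ftp"):
    """Build (but do not run) one APF deny command per offender.
    Assumption: APF accepts `apf -d HOST COMMENT`."""
    return [f'apf -d {ip} "bfd: {counts[ip]} failed {service} logins"'
            for ip in offenders(counts, threshold)]


# Constructed sample log window: one real offender, one below threshold,
# one trusted admin host fat-fingering a password, and a successful login.
SAMPLE_LOG = [
    'Sep 30 03:12:01 host ftpd[1234]: FAIL LOGIN: Client "203.0.113.9"',
    'Sep 30 03:12:02 host ftpd[1234]: FAIL LOGIN: Client "203.0.113.9"',
    'Sep 30 03:12:02 host ftpd[1235]: FAIL LOGIN: Client "198.51.100.7"',
    'Sep 30 03:12:03 host ftpd[1234]: FAIL LOGIN: Client "203.0.113.9"',
    'Sep 30 03:12:04 host ftpd[1236]: OK LOGIN: Client "192.0.2.44"',
    'Sep 30 03:12:04 host ftpd[1234]: FAIL LOGIN: Client "203.0.113.9"',
    'Sep 30 03:12:05 host ftpd[1235]: FAIL LOGIN: Client "198.51.100.7"',
    'Sep 30 03:12:06 host ftpd[1234]: FAIL LOGIN: Client "203.0.113.9"',
] + [f'Sep 30 03:13:0{i} host ftpd[1240]: FAIL LOGIN: Client "10.0.0.5"'
     for i in range(6)]

if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    for cmd in ban_commands(counts, threshold=4):
        print(cmd)  # in a cron job you would run this, e.g. via subprocess
```

Two things BFD's real rules also need and this sketch leaves to you: only look at lines newer than the last run (otherwise every pass re-counts the same old failures), and expire bans after a while so a dynamic address that was briefly hostile does not stay blocked forever.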


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.