Just wanted to point out that SourceFire allows us common folks to purchase official SNORT VRT licenses on the cheap. To the tune of $29.00 a year, yeah, I’m game.
Have fun!
“An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.”
When you buy off-the-shelf peripherals such as this, it’s easy to assume they have been tested and are safe, and wouldn’t normally pose much of a security risk to your computer. Remember, however, that humans made them, and so they are still subject to the same flaws (or subterfuge) as something you download from the Internet.
After eating lunch at a local restaurant yesterday, I noticed that when I was signing my receipt they had printed my whole credit card number on there. I hadn’t seen that happen in years, and I immediately scratched it out. I happened to be with a group of cyber security guys, and they were all in disbelief as well.
It would be very easy for a thief to pick up your receipt just after you leave, then go home and have an online shopping spree. The server or anyone else handling your receipt could do the same thing.
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit of the NSW Police says, “If you are using the internet for a commercial transaction, use a Linux boot up disk – such as Ubuntu or some of the other flavours…It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking,”
Sounds like a good plan to me, but then, I’m sure most of you reading this are already in agreement. It’s just good to see this sort of thing hitting major news sites.
I'm providing the original text file for ease of use. Grab it here - ClamAV.on.Fedora
----------------------------------
Background:
This guide will use the ClamAV CLI scanner and the ClamAV-Update script (freshclam).
I wrote this to help all the Home\SOHO users (servers or desktops).
ClamAV has various tools/packages/plugins for email servers etc. but that’s another story.
If you wish to learn more visit their home site: http://www.clamav.net/
Obviously, you can change anything you want, but this should get you going.
! WARNING ! – DO NOT VISIT THE SITES BELOW – ! WARNING !
I noticed some Pakistan site had pingbacks for some articles we wrote, but no comments from the person that copied and pasted them (verbatim) on their site.
Well, being the person that I am, I fired up “Wireshark” on my Linux box (of course) to investigate their site further.
I noticed they had various other sites tied to the same domain, so I visited another one (other than the blog) and lo and behold something was a little fishy.
Their “photo” site tried to launch a little gift for me……an “IFrame exploit” and if you’re running Windows you get a special prize for the visit…..a worm. ;0)
I wrote previously about Facebook hacking, which is something everyone needs to be aware of, but there is a more immediate Facebook danger by which millions of people are already exploited every day. Not only could it lead to insecurity, but your personal data is being exposed to advertisers every time you take one of those “What kind of hamburger are you” quizzes.
Facebook applications get access to all data of users who sign up, though users sign up for dozens of one-time use applications like these quizzes without thinking twice. There are hundreds of applications springing up every day, and Facebook’s model of implementing no technical sandboxing and policing applications when things go wrong is completely unscalable.
This applies to RedHat Enterprise 4 & 5, and by association to Fedora and CentOS. It probably works on some other distros as well, but your mileage may vary.
I am constantly having to reset user passwords, as I use the “three failures and your account is locked” schema, as well as set passwords to expire every 60 days.
If you live in the USA, did you know that your tax dollars are being used for some really good purposes?
You better believe it. For example, the NSA provides some great guides and tools for securing your operating system, whether you are on a Mac, or running Windows, Linux, or Solaris.
Some of the guides can get a little complex (especially the Linux and Solaris ones), but even if you do some of what they suggest, you are increasing the security of your OS and are likely to learn a few things at the same time.
There are more resources from other parts of the government as well.
This article explains why you can’t trust your friends on Facebook. It demonstrates how easy it is to gain someone’s trust by using an account that they think is that of a friend. The next time your friend on Facebook asks you to borrow some money, or asks when you are going out of town, think twice.