Archive for the ‘security’ Category
2011
02.08
Tags: code, upgrade, wordpress
Posted in code, php, security, sysadmin, wordpress | 1 Comment »
The upgrade to 3.0.5 was released yesterday. From the release notes:
Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.
One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.
Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.
Download and upgrade now!
2011
01.11
Posted in code, Did you know, firefox, security | No Comments »
A new product over at x-pire.net (which redirects to x-pire.de) was unveiled in Germany today, with the aim of embedding expiry times and information into images so that they cannot be viewed after a certain time. In that way there should be a maximum lifespan to digital images on the web, to prevent future embarrassment, usage etc. At this stage, the prototype is available as a plug-in for Firefox (with some other browsers to follow), and expounds the idea of a ‘forgetful internet’ so that information is not immortal on the web. (more…)
2010
11.27
Tags: best practice, security, stuxnet, virus
Posted in code, security, sysadmin | No Comments »
Just a quick grouping of resources relating to Stuxnet and its analysis after the targeted infections of the frequency converters of the Vaasa, Finland based Vacon (though Vacon publicly denies this) and Iranian company Fararo Paya.
The bottom-line takeaway – never use default passwords (partial attack vector of the PLCs and SCADAs), and keep systems patched (4 zero-day Windows-based attacks). And don’t allow USB devices on a production network (the entry point of the 0.5Mb virus written in C and C++)… (more…)
2010
10.22
Tags: apt, apt-get, environment, export, linux, proxy, ubuntu, web traffic
Posted in bash, code, linux, security, sysadmin | 1 Comment »
So that it’s documented… I’m using port 8080 as the default port, as the likelihood of your upstream proxy being on 8080 is high – else, typical proxy ports are, of course, 80, 800 (transparent), 8000, 3128 (squid)
To force your server to send web traffic via a proxy, there are just two quick things to set – in /etc/environment, export one (or two) variables: (more…)
2010
08.30
Tags: business, connectivity, crash, datacentre, lines down, mtn, offline, outage
Posted in Did you know, security, sysadmin | No Comments »
Last time, generator maintenance in Johannesburg took everything offline.
There was just a notification with the subject line “unknown” (referring to the categorisation of the issue) at 14h22:
SYMPTOMS EXPERIENCED: Intermittent Degradation in Service
SEVERITY: Critical (more...)
2010
07.25
Tags: collections, facebook, firmware, fonts, kindle, password, pdf, security, twitter, upgrade
Posted in Did you know, mobile, Other, security, sysadmin | 1 Comment »
Remember to upgrade your Kindle from Amazon – there’s a new firmware upgrade available, taking the system to version 2.5.2 (24.3MB – you may want to transfer via USB…) (more…)
2010
06.19
Tags: bash, Mac, port forwarding, putty, ssh, terminal, tunnel, windows
Posted in bash, code, linux, mysql, security, sysadmin, windows | No Comments »
Assuming you have a Windows machine and you interact with Linux boxen at any stage, chances are high that you have used and interacted with PuTTY at one stage or another. That beautiful, less than 2 sec, 444K download of a tool (currently at version 0.60 beta) allows you to SSH, COM-direct, RSH, Telnet etc from the desktop. Both examples below relate to MySQL port tunneling.
SSH Tunnels using the Bash command line
Running on a proper machine (or even a Windows with Cygwin or a Mac Terminal) allows you to quickly tunnel a session to a remote server: (more…)
2010
06.05
Tags: adobe acrobat, adobe reader, exploit, flash, in-the-wild, vulnerability, zero-day
Posted in code, security, sysadmin | No Comments »
From Adobe‘s advisory:
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions on Windows, Macintosh, Linux and Solaris are affected, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. So it’s kinda big. What to do? (more…)
2010
06.04
Tags: file sharing, samba, sharing, ubuntu
Posted in bash, code, security, sysadmin | No Comments »
To enable symlinks in Samba for filesharing across platforms in Windows, modify
/etc/smb/samba.conf
and add in the [global] section:
follow symlinks = yes
unix extensions = no
There has been some discussion about
wide links = yes
However, due to the attack vector on Samba servers from Windows allowing file traversal, back in February 2010, you may want to force-set wide links to no – it works without that declaration and is set to no by default.
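An added example (not part of the original post): a small Python check that reads an smb.conf and lists the shares on which symlinks leading outside the share path would be followed, which is what Samba's wide links parameter controls. The function names, the sample configuration and the built-in defaults (follow symlinks on, wide links off, unix extensions on) are assumptions made for the illustration.

```python
import re

# Assumed defaults, as documented for Samba after the February 2010 change.
DEFAULTS = {"followsymlinks": True, "widelinks": False, "unixextensions": True}
TRUE = {"yes", "true", "1"}

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised_param: raw_value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][norm(key)] = value.strip()
    return sections

def risky_shares(text):
    """Shares where symlinks pointing outside the share path are followed."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})

    def flag(share, key):
        # A share-level value overrides [global], which overrides the default.
        raw = share.get(key, glob.get(key))
        return DEFAULTS[key] if raw is None else raw.lower() in TRUE

    # unix extensions is global; while it is on, smbd disables wide links itself.
    unix_ext = flag({}, "unixextensions")
    return sorted(
        name for name, share in conf.items()
        if name != "global" and not unix_ext
        and flag(share, "followsymlinks") and flag(share, "widelinks")
    )

# Constructed sample: the [global] lines from the post plus three made-up shares.
SAMPLE = """
[global]
follow symlinks = yes
unix extensions = no
[docs]
path = /srv/docs
[legacy]
path = /srv/legacy
Wide Links = Yes
[nolinks]
path = /srv/nolinks
wide links = yes
follow symlinks = no
"""
```

Run `risky_shares()` over the real configuration text after any change to the symlink settings; an empty list means no share follows links out of its own tree.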
2010
05.30
Tags: deactivate, facebook, privacy, remove account
Posted in Did you know, security, sysadmin | No Comments »
That’s it – I’m out – got to wait for the 14 days now before the account is deleted from Facebook.
As promised, I was asked whether I’m really sure that I want to delete my account – have to enter your password and the 2 CAPTCHAs before getting the confirmation:

Last step before account deletion?
Doesn’t quite end there: next, I get an email, Subject: “Account scheduled for deletion”, as below (just that WordPress handles the incorrect <br/> tags sent via mail correctly, corrects, and compensates):
Hi Sven,
We have received a request to permanently delete your account. Your account has been deactivated from the site and will be permanently deleted within 14 days. (more...)
2010
05.26
Tags: deactivate, facebook, privacy, remove account
Posted in security, sysadmin | 1 Comment »
Assuming you don’t have any link shares in place (Digg, OpenID, MySpace etc), the process should be quite simple:
Go direct:
http://www.facebook.com/help/contact.php?show_form=delete_account (you have to be logged in to use the link) and then don’t access the account for 21 days. Some say 14 days, but what’s the hurry? Some recommend no interaction with Facebook at all (pages, groups, public content) – this is related to cookie updates and FBCDN backtracks.
Once completed, that should move from “deactivated” to “deleted” status.
Is anything going to be really removed? Facebook alone know(s)…
More? See WikiHow and a variety of other sources using a Google Search (hmm…) or the Bing equivalent…
I’ve written about this before on blog.sven.co.za, though 
2010
05.14
Tags: events, security, security summit, web security
Posted in bash, code, conferences, javascript, linux, mysql, open source software, php, security, synch.cc, sysadmin, windows | No Comments »
So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it’s a pity to say that there wasn’t much new that was presented. With repeated concerns about input and output validation, which the OWASP Top 10 for 2010 highlights and which was used as a recurring example, and a call for a holistic approach to a company’s security posture, the idea of making the thought (and practice) of security part of the organisation’s culture came through over and over again. (more…)
2010
05.09
Tags: events, security, security summit, web security
Posted in conferences, security, sysadmin | No Comments »
So, it’s that time of the year again – Security Summit 2010 in Sandton, Johannesburg. Items on the agenda include:
- The business of security – Threat horizon 2010 and beyond, legislation (PPI), risk, compliance, standards (PCI), security metrics, social networking, web application security, web services, web 2.0 and more.
- Technical/operational security – Top 10 hacks, botnets, trojans, smartphone security, cloud computing, virtualisation, SaaS, practical return-oriented programming techniques, web application server attacks, defeating SSL, exploiting Microsoft DEP and more. (more…)
2010
04.25
Tags: deactivate, facebook, privacy, remove account
Posted in security, sysadmin | No Comments »

Just a few clicks to deactivating your account...
Facebook – now with accounts up for sale ($25 / 1000 where there are less than 10 friends, and $45 / 1000 where there are more than 10 friends) – has again changed their privacy approach – even retroactively…
So – here’s a quick how-to on removing yourself from the system:
- Log into your account with your valid username and password
- Choose “Account” -> “Account Settings” (top right-hand corner)
- Choose “Deactivate account” – last option of those on the page.
- Choose your reason for deactivation – top of the list (ironically) is “I have a privacy concern”, with “I don’t feel safe on Facebook” at number 6.
- Click on “Deactivate my account” (remember to opt out of receiving future mails from Facebook, too)
But you knew that already! 
2010
04.16
Tags: clamav, clamav-milter, clamd, end of life
Posted in code, Did you know, security, sysadmin | No Comments »
clamav finally sent the end-of-life payload yesterday evening – 0.96 is the current version, so it’s been a good run 
Possible symptoms you experienced:
- Repeated notifications:
WARNING: getpatch: Can't download daily- - All freshclam mirrors are ignored
- Your mailq fills up with detailed MAILER-DAEMON messages referring to the End-of-Life nature of clamav 0.94
- (… add your own here…)
But they warned they’d do this in October 2009:
Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year.
This move is needed to push more people to upgrade to 0.95 .
We would like to keep on supporting all old versions of our engine, but unfortunately this is no longer possible without causing a disservice to people running a recent release of ClamAV.
The traffic generated by a full CVD download, as opposed to an incremental update, cannot be sustained by our mirrors. (more…)
2010
04.03
Tags: 0.96, clamav, clamav-milter, clamd, errors, socket
Posted in open source software, security, sysadmin | 4 Comments »
Some updates to the yum-sent clamav-milter.conf and (to a lesser extent) clamd.conf may be necessary.
After an automatic yum-update of the clamd family on RHEL, there’s a disparity between the way clamav-milter connects and the way clamd services the socket or port connection: clamav-milter doesn’t know what to go with (local socket on unix:/tmp/clamav.socket or tcp:127.0.0.1) – so you need to tell it. Otherwise, you get messages such as the below in your clamav-milter.log:
clamav-milter[5149]: No clamd server appears to be available
ERROR: Failed to initiate streaming/fdpassing
So make sure the ClamdSocket in clamav-milter.conf points to the LocalSocket that clamd.conf says it’s listening on. So if clamd.conf is
LocalSocket /tmp/clamd.socket
clamav-milter.conf should have
ClamdSocket unix:/tmp/clamd.socket
Else, if clamd is listening on 127.0.0.1 on the default port, just set ClamdSocket as below:
ClamdSocket tcp:127.0.0.1
Also, be sure to do an sa-update
Simple, eh? But you knew that already! 
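An added example (not part of the original post): a Python check that compares the ClamdSocket entries in clamav-milter.conf with what clamd.conf actually listens on, so the mismatch behind "No clamd server appears to be available" shows up before the milter is restarted. The function names and sample configurations are constructed for the illustration, and the check assumes IPv4 addresses or hostnames and clamd's default TCP port of 3310.

```python
def parse_directives(text):
    """Parse 'Directive value' lines as used by clamd.conf and clamav-milter.conf."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        out.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return out

def clamd_endpoints(clamd_conf):
    """Endpoints clamd serves, written in clamav-milter's ClamdSocket notation."""
    d = parse_directives(clamd_conf)
    endpoints = {"unix:" + path for path in d.get("LocalSocket", [])}
    for port in d.get("TCPSocket", []):
        # With no TCPAddr clamd binds every address, so loopback is reachable too.
        for addr in d.get("TCPAddr", ["127.0.0.1"]):
            endpoints.add(f"tcp:{addr}:{port}")
    return endpoints

def check_milter(clamd_conf, milter_conf):
    """Return the ClamdSocket values that clamd is not serving."""
    served = clamd_endpoints(clamd_conf)
    mismatched = []
    for sock in parse_directives(milter_conf).get("ClamdSocket", []):
        full = sock
        if sock.startswith("tcp:") and sock.count(":") == 1:
            full = sock + ":3310"              # tcp:host means the default port
        if full not in served:
            mismatched.append(sock)
    return mismatched

# Constructed samples using the socket paths mentioned in the post.
CLAMD_LOCAL = "LocalSocket /tmp/clamd.socket\n"
MILTER_STALE = "ClamdSocket unix:/tmp/clamav.socket\n"
MILTER_FIXED = "ClamdSocket unix:/tmp/clamd.socket\n"
```

`check_milter(CLAMD_LOCAL, MILTER_STALE)` reports the stale socket path, while the corrected milter configuration returns an empty list.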