30-01-05

overstressed paranoid admins go through the roof

A Londoner made a tsunami-relief donation using lynx -- a text-based browser used by the blind, Unix-users and others -- on Sun's Solaris operating system. The site-operator decided that this "unusual" event in the system log indicated a hack-attempt, and the police broke down the donor's door and arrested him. http://www.boingboing.net/2005/01/27/jailed_for_using_a_n...
 
As a security admin you see traffic, events and alerts all the time that at first sight seem to be the next big thing you are scared to think of. But instead of running to your phone, you should first sit down and read all the logs about the incident in full length and detail before blocking someone or getting the police out.
 
I can imagine that the police officer who was very proud of himself announcing to the full press that they have really arrested a hacker trying to steal money for the victims of the disaster and getting compliments for his work is now hiding himself from the same cameras.

02:07 Posted by technology changes fast not a lot

another open source development server hacked

Last year two of the most important open source development servers were hacked. Now it is the turn of Jabber, the open source answer to instant messaging, to have lost control over its development server. All the code has to be reviewed and checked.
http://mail.jabber.org/pipermail/jdev/2005-January/020062...
 
btw there are also 7 other serious vulnerabilities for mandrake and for xpdf, winamp and php (look at http://patch.skynetblogs.be)
 
 

01:32 Posted by technology changes fast not a lot

secure your linux for free

http://www.pandasoftware.com/download/linux/linux.asp
really a full blown commercial product for free - without the service

01:25 Posted by technology changes fast not a lot

ISPs protecting the networks enough?

The discussion in the security community and the policy circles about the role that ISPs play in securing the network is in full swing. Some ISPs are taking action, and their approaches differ widely. At the Internet Storm Center, a middle-ground opinion from the heated debate is an interesting place to start:
 

One model that I like is from one telecom company in Brazil. For the home ADSL user, they block ingress traffic to some well-known problematic ports, like 'hack-me' 137-139, 445, and some service ports like 80, 1434, 1433, etc. According to this company, it reduced the impact of some worms a lot. They are now thinking about egress traffic, like for port 445. This is a good solution because the ingress block would prevent some worms from reaching the machine and the egress filter would prevent their infected users from scanning and infecting other network(s).

Corporate ADSL users with static IP addresses are far more difficult and I don't believe that any filtering rules would work with them. They 'bought' a link, and they must have access to all kinds of traffic. Of course, if that traffic doesn't violate an AUP (Acceptable Use Policy).

http://isc.sans.org/diary.php?date=2005-01-25


01:11 Posted by technology changes fast not a lot

mastercard and visa oblige you to secure yourself

Visa CISP information:   http://tinyurl.com/4ph6h

MasterCard SDP information: https://sdp.mastercardintl.com/

Both companies will oblige firms processing and using their credit cards to secure their networks, infrastructure and procedures. Maybe some will now be waking up. They are left no choice. Tell their customers they can't take Visa cards to buy their stuff because Visa refuses to work with them because their network is insecure? No customer would spend even a dime with them.


00:58 Posted by technology changes fast not a lot

bagle again - stupid virus

Maybe it is time that we stop the bullshit.
A mail server does not have to let binary attachments in a mail pass through unless you have explicitly asked for it with good reason. You don't drive a car with three wheels and no brakes in the opposite direction either.
Just block these attachments wherever you can (network, mail agents, ...):
  • .com
  • .cpl
  • .exe
  • .scr

DO NOT OPEN MAIL YOU DID NOT EXPECT OR ASK FOR.

And as with so many other bigger viruses of the last months, they are using a network of hacked servers holding more files that infected computers will download:

http://www.newsisfree.com/iclick/i,69949959,3157,f/

Copy them to the proxy server in your network and block them, period.
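One way to apply the extension block list above at a mail gateway or mail agent, as an added example that is not part of the original post: a Python check built on the standard-library email parser. The function name and the sample message are constructed for illustration; matching on the last extension of the declared filename catches double extensions, mixed case and RFC 2231 encoded names.

```python
import email
from email import policy

# Extensions the post says to block.
BLOCKED_EXTENSIONS = {".com", ".cpl", ".exe", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the declared filenames of MIME parts with a blocked extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # also descends into nested multiparts
        name = part.get_filename()  # falls back to Content-Type name=
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # taking the last extension ("a.exe." still runs as a.exe).
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


# Constructed sample: double extension, RFC 2231 name, benign look-alike.
SAMPLE = b"""\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Price.txt.SCR"

x
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=utf-8''rapport%20final.exe

x
--b1
Content-Type: text/plain; name="welcome.com.txt"

x
--b1--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The check looks at declared filenames only; it does not inspect file content or look inside archives.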

00:47 Posted by technology changes fast not a lot

my internet-phone one price box not working

Friends of mine have bought an integrated phone-internet box for which they pay one price for all the internet they use and phone hours they can fill.
Only, they can call other people, but they can't receive any calls.
Reading some stuff about such boxes in France, where the problem seems to be resolved by buying another phone you connect to the box, stupidly.

00:44 Posted by technology changes fast not a lot