Enabling the Dag Wieers repository on CentOS

Dag Wieers provides an excellent repository for Red Hat flavored Linux systems. Adding it to CentOS 5 is easy.

First download the “rpmforge-release” RPM. For CentOS 5, I chose rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm. The RPMs are available at http://dag.wieers.com/rpm/packages/rpmforge-release/. Then install the RPM.

cd /tmp
wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Spam Honeypots

Project Honeypot allows everyone who hosts a website to create a mini honeypot to trap spammers. I’ve configured mine to run on this site at “coast.php”.

It is a “poor man’s” honeypot but can still offer useful results. Watch for my future writeups on how to create honeypots with Bind, Apache and Postfix.

Differences between tcpdump on Linux and OpenBSD

One of the nicer options of tcpdump under Linux is -C (a capital C). It writes the captured traffic to a file and rotates that file once it reaches a given size. According to the man page:

-C
Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).

How long before someone adds this to the OpenBSD version of tcpdump?

CAPTCHA security Hotmail.com / Live.com bypassed

An article from Websense shows how new bots are able to bypass the CAPTCHA check that is meant to prevent spammers from creating large numbers of accounts.

According to Websense, the three main reasons spammers target this CAPTCHA are:

  • the Microsoft domain is unlikely to be blacklisted
  • they are free to sign up
  • it may be hard to keep track of them, as millions of users worldwide use the service.


The same arguments hold for the other major providers like Gmail, Yahoo, etc.

mysql error “ERROR 1030: Got error 134 from table handler”

If you try to insert into or select from a table and you get an error message from MySQL that says

ERROR 1030: Got error 134 from table handler

then you have to repair the table.

FOSDEM 2008

FOSDEM, the Free and Open Source Developers’ European Meeting, is taking place in Brussels on 23/24 February.

Their schedule is online and shows that there are going to be some interesting talks:

SQLmap

SQLmap is a security tool that can check your site for SQL injection vulnerabilities.

Fun with Trams

An article on Bruce Schneier’s site talks about “hacking trams” via a TV remote control.

Why would you need a remote control when most of the control cabinets are only protected by a generic lock for which you can find a key in any decent store? It’s much more fun figuring out what the different buttons do if you’re closer to the “vehicle”.

Flash UPnP attack

An interesting read on gnucitizen.org about the UPnP attack via Flash.

A user visiting a webpage that hosts a malicious SWF (Flash) file might allow an attacker to remotely take control of UPnP devices (like routers) on the user’s private network. Because UPnP has no authentication mechanism, no credentials are needed for this.

A successful attack would allow an attacker to change the firewall or administrative setup of broadband modems. Most professional routers do not allow UPnP. The most common targets for this type of attack are the broadband routers that home users typically use to connect to the Internet via DSL or cable.

Because many environments now allow remote access via VPN through these broadband routers, this might allow an attacker to gain access to corporate networks.

There is no vulnerability in Flash, UPnP or any underlying browser. This vulnerability is simply the result of the present UPnP specification.

UPnP itself is a set of platform-independent network protocols that simplify the configuration of different network devices. It provides the “Plug and Play” functionality of network devices.

The solution is to disable UPnP on your broadband routers.

Log system security events to Twitter

An article on the blog of Evan Weaver talks about having your logs forwarded to Twitter.

It doesn’t sound like such a good idea, because you’re relying on Twitter’s “privacy” protection mechanism. That mechanism is a black box, so you might as well not be using any protection mechanism at all.

The idea itself isn’t that bad: having your critical messages (like “process xxx not running”) forwarded to Twitter might be more useful than having them mailed to some sort of “admin” account that’s only checked once a day.