Sysinternals/Winternals acquired by Microsoft

July 18th, 2006

Sysinternals.com is a GREAT source of free Windows utilities (a rootkit detector, a process viewer, a tool that lists the files a process has open, and more). Today the news started to spread that they’ve been acquired by Microsoft. Am I the ONLY person who has had the urge to download their entire free utility library?

IPtables magic, or… Blocking Aggressive Outbound Traffic with IPtables

July 16th, 2006

Blocking Aggressive Outbound Traffic with IPtables.

For starters, I tested this on a system that started out with NO iptables rules at all, and then moved on to an IPCop install (the VMware image from vmwarez.com…).

I’ve detailed previously one dilemma with my own cable connection that made me ask how one could SAFELY host a wireless access point (in the clear) for guest web browsing without letting a wireless user port scan the outside world, aggressively spread viruses, and so on. Traditional firewall setups are oriented towards protecting the internal network from the outside; they rarely say anything about what the inside (or a guest segment) is allowed to do to the rest of the Internet. This post is an attempt to explain how to implement the idea put forth in that earlier post: restrict what the guest segment can originate, not just what can reach it.

Read the rest of this entry »
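The following is an added example, not the rule set from the post itself (which sits behind the link above) and not IPCop's own configuration. It shows one way to build the egress policy described: guests get DNS and web only, and any guest IP that opens new flows faster than a browser would is logged and cut off using the `recent` match. The interface names wlan0/eth0/eth1, the chain name GUEST_OUT and the thresholds are assumptions; NAT for the guest segment is assumed to be set up separately. The script prints the iptables commands by default and only installs them when run as root with `IPT=iptables`.

```shell
#!/bin/sh
# Egress policy for an open guest WLAN: guests may browse, but may not port scan
# or spray the outside world. Dry run by default: the iptables commands are
# printed. Run as root with IPT=iptables to actually install them.
# Interface names, chain name and thresholds below are assumptions.
set -eu

IPT="${IPT:-echo iptables}"   # IPT=iptables applies for real
GUEST="${GUEST:-wlan0}"       # open guest WLAN (assumed name)
WAN="${WAN:-eth0}"            # towards the cable modem (assumed name)
LAN="${LAN:-eth1}"            # trusted wired LAN (assumed name)
# A source that reaches NEW_PER_WINDOW new flows within WINDOW seconds is
# treated as a scanner or worm. Normal browsing stays below 20 in 5 s; nmap or
# a worm reaches it in the first second. NOTE: --hitcount may not exceed the
# recent module's ip_pkt_list_tot parameter (default 20); raise that module
# parameter if you want a larger window.
NEW_PER_WINDOW=20
WINDOW=5

guest_egress_rules() {
    # Own chain so the policy can be reloaded by flushing it.
    $IPT -N GUEST_OUT 2>/dev/null || true
    $IPT -F GUEST_OUT
    $IPT -A FORWARD -i "$GUEST" -j GUEST_OUT

    # 1. Guests never talk to the wired LAN.
    $IPT -A GUEST_OUT -o "$LAN" -j DROP

    # 2. Replies to flows the guest already opened are fine.
    $IPT -A GUEST_OUT -o "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. Count NEW flows per guest IP. --set records the attempt; --rcheck
    #    reads the list without adding to it (for the log line); --update
    #    re-checks and drops once the source reaches the threshold. Probes to
    #    blocked ports are counted too, so a scan of closed ports also trips it.
    $IPT -A GUEST_OUT -o "$WAN" -m state --state NEW \
        -m recent --name guestnew --set
    $IPT -A GUEST_OUT -o "$WAN" -m state --state NEW \
        -m recent --name guestnew --rcheck --seconds "$WINDOW" --hitcount "$NEW_PER_WINDOW" \
        -m limit --limit 3/min -j LOG --log-prefix "GUEST-SCAN: "
    $IPT -A GUEST_OUT -o "$WAN" -m state --state NEW \
        -m recent --name guestnew --update --seconds "$WINDOW" --hitcount "$NEW_PER_WINDOW" \
        -j DROP

    # 4. Allow-list only what browsing needs: DNS, HTTP, HTTPS. SMTP (spam),
    #    135/139/445 (worms) and every other port a scanner probes fall through.
    $IPT -A GUEST_OUT -o "$WAN" -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A GUEST_OUT -o "$WAN" -p tcp -m multiport --dports 80,443 \
        -m state --state NEW -j ACCEPT

    # 5. Everything else from the guest segment is dropped.
    $IPT -A GUEST_OUT -j DROP
}

guest_egress_rules
```

Rule order matters: the ESTABLISHED accept comes first so that counting only sees genuinely new flows, the rate check comes before the port allow-list so that even permitted ports are throttled, and the final DROP makes the allow-list the whole policy rather than an addition to it. Watch the kernel log for the GUEST-SCAN prefix to see which guest tripped the threshold.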

Linux Local kernel vulnerability

July 14th, 2006

SANS has a story on another local kernel vulnerability for Linux. I have to say that I typically haven’t looked as much at “local” vulnerabilities on this site as I have at remote ones. A local vulnerability is a flaw that lets someone who already has a foothold on a system (a logged-in user, or code that got to run under an unprivileged account through some other hole, such as a web application) escalate their privileges and take control of the system. So IF you allow logins for various users, or run anything that could hand an attacker a low-privilege shell, you definitely need to pay attention to local vulnerabilities: they turn a minor foothold into a full compromise.

Read the rest of this entry »

Open Source NTFS driver for linux with Read and Write support

July 14th, 2006

Linux has full support for a great many file systems. FAT32, the filesystem of the Win98 and ME era, has had full read-write support for as long as I can remember, but NTFS has not. The main in-kernel open source driver has had read-only support, with at best VERY limited and risky write support (overwriting existing files in place, without changing their size). There was the Captive NTFS project, which wrapped Windows’ own NTFS driver, but… it looks like we’re getting very close to a true open source, read-write NTFS driver for Linux (and really, for any other OS that wants to port it).

Read the rest of this entry »

Firewall musings…

July 14th, 2006

Yesterday I had a bit of a realization. I had just been looking at a wireless router/firewall setup and was thinking about its firewall rules (which seemed to be geared at the WIRELESS LAN, i.e. restricting activity on the wireless segment). Traditionally firewalls have had the attitude of defending the internal network from the outside. These days firewalls sometimes protect the internal network from a WLAN (wireless segment) as well. But I put a few events together and started looking for a new feature in a firewall.

Read the rest of this entry »

Powerpoint zero day

July 14th, 2006

This has been a rough quarter for Office vulnerabilities, and there’s a pattern: Microsoft patch day, then a zero-day exploit for an Office component within a week. First Word, then Excel, and this month the vulnerable app is PowerPoint. Security Fix has some coverage and notes the pattern; the likely motivation is timing, since an exploit released just after the monthly patches gets the longest possible run before the next patch day can fix it. The moral of the story is to be suspicious of PowerPoint attachments and files from untrusted sources, and to verify that you should be receiving an attachment even from KNOWN sources: the From address is trivially forged, and an infected machine will happily mail its owner’s contacts.

Read the rest of this entry »

Another attempt at different hardware problems

July 14th, 2006

I mentioned some time ago a frustrating issue with the hardware on my desktop that I had finally solved. I got the new system, which was a 64-bit AMD Athlon on an Asus K8N4-E board with a PCI Express NVIDIA-based card (6200 TurboCache) and 1 GB of memory. Things worked very nicely for a while, rock solid and with no issues. But then one day I noticed… “where did my TV card go?” There were two PCI slots, one I had used for a TV card, the other for an add-on sound card.

Read the rest of this entry »

The Spam fight turns to blogs….

July 13th, 2006

I’ve detailed some of the struggles I had for a while with FLOODS of comment spam. Details of the issue and a fix that has been rock solid for WordPress can be found in the following posts (reverse chronological order): Update on comment spam storms; trackback spam countermeasures such as Akismet and trackback validation; another trackback storm; botnets spreading trackback spam?; Initial trackback storm. To sum up, I’ve found two plugins that make a rock solid combination here in WordPress: Akismet (which caught 99% or so of trackback spam) and the Trackback Validator plugin, which caught everything else. (99% sounds good, but when you’re getting thousands of attempts a day, the 1% that slips through is still dozens of spam trackbacks daily.)

Read the rest of this entry »

Debian development server compromise

July 12th, 2006

SANS also brings this story about a Debian development server being compromised. The investigation is ongoing. The machine was gluck.debian.org, which hosted CVS among other things (ddtp, lintian, people, popcon, planet, ports, release). It has been taken offline for a reinstall, and other systems have been locked down until they can patch the vulnerability that is suspected to have been exploited. More details will be announced.

Read the rest of this entry »

Anonymized Botnet?

July 12th, 2006

SANS has a story on botnet traffic spotted coming from the Tor network. Now, I had to refresh my memory on what Tor is: it’s an anonymizing network. A computer running Tor fetches a directory of Tor relays, then builds a circuit through several of them with each hop encrypted, so the site at the far end sees only the address of the last relay (the exit) rather than the origin of the request. That is exactly why “botnet traffic from Tor” is hard to interpret: what the observer sees is exit relays, not the bots themselves. Of course, this doesn’t mean that botnets are actively making use of Tor; it could just be inadvertent, a “route all my traffic through Tor” computer that got infected.

Read the rest of this entry »