Archive for the ‘security’ Category

Suricata IPS

It has been a long time since the first installation of Snort-inline as my favourite intrusion protection system (IPS for friends). Unfortunately the project was abandoned because the main developers started a new project, writing a new IPS from scratch: Suricata. Snort is probably the most famous intrusion detection system (IDS) but the possibility to […]


Oracle’s non-disclosure security policy

Last week I was surprised to see a not-so-common Debian security update of mysql-5.1 upgrading its version from 5.1.49 to 5.1.61. This is not the way security updates work in Debian: once a security flaw is found, the patch is applied to the current stable release, maintaining its version, and not by repackaging the latest […]


Logging integrity

Since 2009 system administrators working in Italy have had something new and compulsory to deal with: logging. We have to keep track of any login and logout from any system that contains personal or sensitive data. These logs have to be complete, indicating the name of the operator and the date and time, and their integrity […]


Hardware-based attacks

Every time I’m asked to deploy a new service or a new machine I always think about the strategies to keep them safe from internal and external attacks. This requires extra time in studying, testing and feeling comfortable with a security policy that has to be shared with other system administrators and the software developers. But […]


Stuxnet (cyberwar against Iran)

I don’t know if many people got the story about Stuxnet right. It’s an interesting one. Last summer a worm was discovered inside different computers that were normally separated from the Internet or other public networks. The first to report a worm for its SCADA software systems was Siemens. SCADA means Supervisory Control And […]


Sony’s trouble

Sony did it again. Sony did something really stupid again. Sony hardcoded its private signing key into its code (well, it was easy to calculate it from the code because of what is called an epic fail at secure programming). And now it is blaming someone else for having found it. And it is suing […]


Does OpenBSD have FBI backdoors?

In these days of security uncertainty even the NSA has understood, and acts as if, large parts of its networks and computers are compromised. “There’s no such thing as ‘secure’ any more”, Debora Plunkett, head of the NSA’s Information Assurance Directorate, has confirmed. Well, at least they finally listened to security experts… Read the funny article here. […]


ModSecurity blocks SlowLoris attacks

In mid-2009 a tool was released that is able to perform a successful DoS attack against different web servers from just a single client. This tool is called SlowLoris and is available here. The attack consists of opening many connections to the target and tying it up with incomplete requests. Soon different solutions and mitigations to this attack came […]


SSL renegotiation

Here is a link to an interesting article from Ivan Ristic about SSL renegotiation, the issue discovered almost a year ago that could lead to MITM attacks. The point is that disabling renegotiation altogether in the web servers (those that do not need it) gives no indication of their security status to the different […]


DLL hijacking

Last August a security researcher found a way to exploit the way dynamic link libraries are loaded in Windows systems. More precisely, the security issue is in the way these DLLs are resolved, generally by searching for the first appearance of the library in a sequence of directories. If an attacker can put their own implementation of the […]
