Graphing Terena CRL stats

The OpenSSL heartbleed vulnerability CVE-2014-0160 has been all over the news this month. I posted an overview on what to do and how to detect exploit attempts.

Generating new certificates is one of the recommended measures for this vulnerability. A new certificate means that you have to revoke the old one. Revoked certificates are ‘announced’ in a CRL, a certificate revocation list.

SANS ISC has a graph on certificates revoked
Read more.
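The per-day counts behind such a graph can be pulled straight out of the text dump that `openssl crl -text` prints. The following is an added example, not code from the post or from SANS ISC; the CRL excerpt it parses is constructed (serial numbers and timestamps are made up, only the layout matches openssl's output), and the ASCII bar chart is a stand-in for whatever plotting tool you prefer.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt in the layout printed by
#   openssl crl -in terena.crl -inform DER -noout -text
# Serial numbers and timestamps are made up for this example.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=NL/O=TERENA/CN=TERENA SSL CA
        Last Update: Apr 12 10:00:00 2014 GMT
        Next Update: Apr 19 10:00:00 2014 GMT
Revoked Certificates:
    Serial Number: 0A1B2C
        Revocation Date: Apr  7 08:15:00 2014 GMT
    Serial Number: 0A1B2D
        Revocation Date: Apr  8 09:30:12 2014 GMT
    Serial Number: 0A1B2E
        Revocation Date: Apr  8 17:45:00 2014 GMT
    Serial Number: 0A1B2F
        Revocation Date: Apr  9 07:02:33 2014 GMT
    Serial Number: 0A1B30
        Revocation Date: Apr  9 11:20:10 2014 GMT
    Serial Number: 0A1B31
        Revocation Date: Apr  9 23:59:59 2014 GMT
"""

REVOCATION_DATE = re.compile(r"^\s*Revocation Date:\s*(.+?)\s*$")


def revocations_per_day(crl_text):
    """Count 'Revocation Date:' entries per calendar day.

    Returns {"YYYY-MM-DD": count}. Only the revoked-certificate entries are
    read; the CRL header (Last Update / Next Update) is ignored.
    """
    counts = Counter()
    for line in crl_text.splitlines():
        m = REVOCATION_DATE.match(line)
        if not m:
            continue
        # openssl pads single-digit days with a space ("Apr  7"); collapse it
        stamp = " ".join(m.group(1).split())
        when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
        counts[when.date().isoformat()] += 1
    return dict(counts)


def ascii_graph(counts, width=40):
    """Render {day: count} as a text bar chart, one row per day, oldest first."""
    if not counts:
        return ""
    peak = max(counts.values())
    rows = []
    for day in sorted(counts):
        bar = "#" * max(1, round(counts[day] * width / peak))
        rows.append(f"{day} {counts[day]:5d} {bar}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(ascii_graph(revocations_per_day(SAMPLE_CRL_TEXT)))
```

For a real CRL, feed the output of `openssl crl -in <file> -inform DER -noout -text` (or `-inform PEM`, depending on how the CA publishes it) to `revocations_per_day`; repeating this on successive downloads of the same CRL shows how quickly revocations pile up after an event like Heartbleed.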

Ulogd-viz, visualize iptables / netfilter / ufw logs

I have iptables on a couple of different Linux hosts. There are a number of tools that allow you to centralize the logs of different hosts (and services) but they often focus on some form of alert management. I need something that allows me to gather the logs from different hosts, put them all in one central database and then generate some statistics on this data.

Iptables logs to the local syslog daemon but ulogd allows
Read more.
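The "central database plus statistics" idea can be shown on the plain syslog output of the LOG target, before ulogd enters the picture. This is an added example, not code from the post or from ulogd-viz; the log lines are constructed (hostnames, MAC and IP addresses are made up, using documentation address ranges) and the database is an in-memory SQLite file standing in for the central one.

```python
import re
import sqlite3

# Constructed syslog lines in the format written by the iptables/ufw LOG target
# (hostnames, MACs and addresses are made up; 198.51.100.0/24, 192.0.2.0/24 and
# 203.0.113.0/24 are documentation ranges). The last line is unrelated noise.
SAMPLE_LOG = """\
Apr 10 12:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 10 12:00:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=40124 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 10 12:00:03 db1 kernel: [ 1234.567890] iptables-dropped: IN=eth1 OUT= MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=198.51.100.77 DST=192.0.2.11 LEN=56 TOS=0x00 PREC=0x00 TTL=53 ID=4321 PROTO=UDP SPT=5353 DPT=53 LEN=36
Apr 10 12:00:04 db1 kernel: [ 1234.678901] iptables-dropped: IN=eth1 OUT= MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=198.51.100.23 DST=192.0.2.11 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=40125 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Apr 10 12:00:05 web1 sshd[1234]: Accepted publickey for admin from 203.0.113.5 port 51000 ssh2
"""

SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<rest>.*)$"
)
KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Parse one syslog line from the LOG target into a dict, or None for other lines.

    The dict carries ts, host, prefix (the --log-prefix text) and the KEY=VALUE
    fields (IN, OUT, SRC, DST, PROTO, SPT, DPT, ...) exactly as logged.
    """
    m = SYSLOG_PREFIX.match(line)
    if not m:
        return None
    rest = m.group("rest")
    start = rest.find("IN=")
    if start < 0:
        return None
    fields = dict(KEY_VALUE.findall(rest[start:]))
    if "SRC" not in fields or "DST" not in fields:
        return None
    fields.update(ts=m.group("ts"), host=m.group("host"), prefix=rest[:start].strip())
    return fields


SCHEMA = """
CREATE TABLE IF NOT EXISTS netfilter_log (
    ts TEXT, host TEXT, prefix TEXT, iface_in TEXT,
    src TEXT, dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER
)"""


def load_into_sqlite(lines, conn):
    """Store every parsable LOG line from `lines` in the central database; return rows added."""
    conn.execute(SCHEMA)
    rows = []
    for line in lines:
        ev = parse_netfilter_line(line)
        if ev is None:
            continue
        rows.append((ev["ts"], ev["host"], ev["prefix"], ev.get("IN"), ev["SRC"], ev["DST"],
                     ev.get("PROTO"),
                     int(ev["SPT"]) if ev.get("SPT") else None,
                     int(ev["DPT"]) if ev.get("DPT") else None))
    conn.executemany("INSERT INTO netfilter_log VALUES (?,?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)


def top_sources(conn, n=10):
    """Source addresses with the most dropped packets, across all hosts."""
    return conn.execute(
        "SELECT src, COUNT(*) AS hits FROM netfilter_log "
        "GROUP BY src ORDER BY hits DESC, src LIMIT ?", (n,)).fetchall()


def top_ports(conn, n=10):
    """Destination ports (per protocol) that attract the most dropped packets."""
    return conn.execute(
        "SELECT proto, dpt, COUNT(*) AS hits FROM netfilter_log WHERE dpt IS NOT NULL "
        "GROUP BY proto, dpt ORDER BY hits DESC, proto, dpt LIMIT ?", (n,)).fetchall()


def build_sample_db():
    """Load the constructed sample into an in-memory database (used by the demo below)."""
    conn = sqlite3.connect(":memory:")
    load_into_sqlite(SAMPLE_LOG.splitlines(), conn)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print("top sources:", top_sources(db))
    print("top ports:  ", top_ports(db))
```

Because every row keeps the originating host, the same two queries answer "who is scanning all of my machines" rather than "who is scanning this one", which is the point of centralising the logs in the first place.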

Heartbleed, the OpenSSL vulnerability. What Should I Do?

    Jump to Update 10-Apr-2014

    Jump to Update 11-Apr-2014

    Jump to Update 12-Apr-2014

    Jump to Update 24-Apr-2014

Unless you’ve been hiding under a rock you must have heard about the OpenSSL heartbleed vulnerability CVE-2014-0160.

Software using or linked against OpenSSL 1.0.1 through 1.0.1f (inclusive) is vulnerable. This post focuses on what you have to do and how you can detect exploit attempts. It does not explain the vulnerability itself.

It is important
Read more.
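The two practical questions above (am I running an affected release, and is someone probing me) both reduce to a small check. The following is an added example, not code from the post: a version-string check for the affected range and a detector that applies the RFC 6520 length rule to a TLS heartbeat record. The byte strings are constructed; `POC_REQUEST` is the well-known 8-byte probe (a heartbeat record of length 3 whose request claims a 16384-byte payload), the others are made up for contrast.

```python
import re
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16              # RFC 6520: a heartbeat message carries at least 16 bytes of padding


def openssl_version_vulnerable(version_output):
    """True if `openssl version` names an upstream release affected by CVE-2014-0160.

    Affected: 1.0.1 through 1.0.1f, plus the 1.0.2-beta1 pre-release.
    Distribution builds that backport the fix keep the old version letter, so a
    True result here is a reason to check the package changelog, not proof.
    """
    m = re.match(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]?)(-beta\d+)?", version_output)
    if not m:
        raise ValueError(f"not an OpenSSL version string: {version_output!r}")
    release = tuple(int(x) for x in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        return letter <= "f"
    return release == (1, 0, 2) and beta == "-beta1"


def inspect_tls_record(record):
    """Classify one TLS record (5-byte header + body) given as bytes.

    'verdict' is one of: 'not-heartbeat', 'truncated', 'heartbeat-ok',
    'heartbleed-attempt' (oversized request) or 'heartbleed-leak'
    (oversized response, i.e. a peer that already answered one).
    """
    if len(record) < 5:
        return {"verdict": "truncated"}
    ctype, vmaj, vmin, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return {"verdict": "not-heartbeat", "content_type": ctype}
    body = record[5:5 + rec_len]
    if len(body) < 3:
        return {"verdict": "truncated", "record_length": rec_len}
    hb_type, payload_len = struct.unpack("!BH", body[:3])
    info = {"tls_version": f"{vmaj}.{vmin}", "record_length": rec_len,
            "heartbeat_type": hb_type, "payload_length": payload_len}
    # A well-formed message needs type (1) + length (2) + payload + >= 16 padding
    # to fit inside the record; a larger payload_length asks an unpatched peer
    # to copy memory it never received.
    room = max(rec_len - 3 - MIN_PADDING, 0)
    if payload_len > room:
        info["verdict"] = "heartbleed-attempt" if hb_type == HB_REQUEST else "heartbleed-leak"
        info["over_read"] = payload_len - room
    else:
        info["verdict"] = "heartbeat-ok"
    return info


def scan_records(stream):
    """Walk a byte string of consecutive TLS records; return one verdict dict per record."""
    verdicts, offset = [], 0
    while offset + 5 <= len(stream):
        rec_len = struct.unpack("!H", stream[offset + 3:offset + 5])[0]
        verdicts.append(inspect_tls_record(stream[offset:offset + 5 + rec_len]))
        offset += 5 + rec_len
    return verdicts


# Constructed samples. POC_REQUEST is the classic 8-byte probe: a heartbeat record
# of length 3 carrying a request that claims a 16384-byte payload.
POC_REQUEST = bytes.fromhex("18 03 02 00 03 01 40 00")
# A compliant request: 4-byte payload "ping" followed by 16 bytes of padding.
GOOD_REQUEST = bytes.fromhex("18 03 02 00 17 01 00 04") + b"ping" + bytes(16)
# An application-data record, to show non-heartbeat traffic is passed over.
APP_DATA = bytes.fromhex("17 03 02 00 05") + b"hello"
SAMPLE_STREAM = APP_DATA + GOOD_REQUEST + POC_REQUEST

if __name__ == "__main__":
    print(openssl_version_vulnerable("OpenSSL 1.0.1e 11 Feb 2013"))
    for v in scan_records(SAMPLE_STREAM):
        print(v["verdict"])
```

Two caveats a practitioner runs into: Debian and Ubuntu shipped the fix as a patched package without bumping the upstream version letter, so on those systems check the package version and changelog for CVE-2014-0160 rather than trusting `openssl version`; and a patched library only helps once every process that loaded the old one has been restarted. The record check is the same comparison (claimed payload length against record length) that IDS signatures for Heartbleed rely on, applied here to records taken from a capture.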

Install ModSecurity on Ubuntu (from source)

ModSecurity is an embeddable web application firewall or WAF. It can be installed as part of your existing web server infrastructure.

ModSecurity is available as a package for different Linux distributions but these versions are often outdated. I installed ModSecurity from source on Ubuntu 12.04 LTS.

Start by downloading the source tarball from the ModSecurity website. The full code is available via GitHub and the links to the tarballs are available from the home page.

Read more.

RFC1918 replies from public DNS servers

I was reading on DNS rebinding and how browsers protect us with DNS pinning.

I was curious how public DNS servers reply when you query for a host that is bound to an RFC1918 address.

DNS rebinding basically works as follows.

Attackers control the DNS of a domain (‘www.example.com’); A user is lured (phishing, web comment, …) into visiting a site controlled by the attacker, the DNS response is a public IP
Read more.
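Whether a resolver will hand the attacker's second, private answer to the victim is what the question in this post comes down to. The following is an added example, not code from the post: it classifies the answers collected from several resolvers for one attacker-controlled name and reports which resolvers returned an RFC1918 address unfiltered. The resolver names and answers are constructed; the `OTHER_INTERNAL` list goes beyond RFC1918 (loopback, link-local, IPv6 ULA) on the assumption that a filtering resolver should block those as rebinding targets too.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Not part of RFC1918, but equally useful to a rebinding attacker; included as an
# assumption about what a filtering resolver should also refuse to return.
OTHER_INTERNAL = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]


def classify(addr):
    """'rfc1918', 'internal' (loopback, link-local, ULA, ...) or 'public'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(ip in net for net in OTHER_INTERNAL):
        return "internal"
    return "public"


def resolver_report(answers_by_resolver):
    """Summarise what each resolver returned for the attacker-controlled name.

    answers_by_resolver: {resolver: [address, ...]} as collected with
    `dig +short <name> @<resolver>`. A resolver that returned no address is
    counted as filtering the reply; one that handed back an RFC1918 or other
    internal address is usable for rebinding.
    """
    report = {}
    for resolver, answers in answers_by_resolver.items():
        classes = {a: classify(a) for a in answers}
        report[resolver] = {
            "answers": classes,
            "filtered": not answers,
            "rebindable": any(c != "public" for c in classes.values()),
        }
    return report


# Constructed sample: the same attacker-controlled name queried at four
# hypothetical resolvers; the record points at 10.0.0.5 (an RFC1918 address).
SAMPLE_ANSWERS = {
    "resolver-a": ["10.0.0.5"],        # returns the private answer unchanged
    "resolver-b": ["10.0.0.5"],
    "resolver-c": [],                  # empty answer: the resolver filtered it
    "resolver-d": ["203.0.113.9"],     # a public address (documentation range)
}

if __name__ == "__main__":
    for resolver, r in resolver_report(SAMPLE_ANSWERS).items():
        flags = ("filtered" if r["filtered"] else "") + (" REBINDABLE" if r["rebindable"] else "")
        print(resolver, flags.strip(), r["answers"])
```

An empty answer is only evidence of filtering if the authoritative server does return the private address, so compare against a direct query to it before drawing conclusions; dnsmasq's `--stop-dns-rebind` option is one example of the resolver-side filtering this test is looking for.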

Different shell types: interactive, non-interactive, login

Shells control how you interact with your computer systems. I always switch between the Bourne shell (sh), Korn shell (ksh) and Bourne-Again shell (bash) but there are numerous others.

There are three types of shells:

a login shell; an interactive shell; a non-interactive shell.

The type of shell determines which features are available, so choosing the right type matters for what you want to achieve.

A login shell is the shell that is
Read more.

HTTP POST from PHP

Sometimes it can be useful to do an HTTP GET or HTTP POST request from a PHP script. I used to use curl for this, but there is a ‘cleaner’ way to do it.

For reference, this is how to do the HTTP POST request with curl from PHP:

PEAR (PHP Extension and Application Repository) contains a number of useful reusable PHP components.

The component we are going to use is HTTP_Request2. You
Read more.

NMAP Open Service Scan – Open resolver test

From the CERT.be website: “Open DNS resolvers are frequently being abused to conduct efficient DDoS attacks towards websites, infrastructure and services.”

You can detect open resolvers on your network with a vulnerability information management tool (for example Qualys), via the Open Resolver Project or manually with an nmap command.

Keeping track of the different output files becomes more difficult if you have to do this often. I wrote a script that imports the nmap
Read more.
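Importing nmap's XML output (`-oX`) rather than its screen output is what makes repeated scans comparable. The following is an added example, not the post's script: it pulls the hosts where the `dns-recursion` NSE script reported recursion out of an nmap XML file and compares two scans so new and fixed open resolvers stand out. The XML is constructed (addresses and names are made up, using a documentation range) but follows nmap's own element layout.

```python
import xml.etree.ElementTree as ET

# Constructed nmap XML output for a scan run as
#   nmap -sU -p 53 --script dns-recursion -oX scan.xml 192.0.2.0/29
# (addresses and names are made up; 192.0.2.0/24 is a documentation range).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sU -p 53 --script dns-recursion -oX scan.xml 192.0.2.0/29" start="1397145600" startstr="Thu Apr 10 18:00:00 2014">
  <host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/>
    <hostnames><hostname name="ns1.example.net" type="PTR"/></hostnames>
    <ports><port protocol="udp" portid="53"><state state="open" reason="udp-response"/>
      <service name="domain" method="table"/>
      <script id="dns-recursion" output="Recursion appears to be enabled"/>
    </port></ports></host>
  <host><status state="up"/><address addr="192.0.2.2" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/>
      <service name="domain" method="table"/>
    </port></ports></host>
  <host><status state="up"/><address addr="192.0.2.3" addrtype="ipv4"/>
    <ports><port protocol="udp" portid="53"><state state="closed" reason="port-unreach"/>
    </port></ports></host>
</nmaprun>
"""


def open_resolvers(nmap_xml):
    """Return [{ip, hostname, port, scan_start}] for every host where dns-recursion
    reported 'Recursion appears to be enabled'. scan_start is nmap's epoch timestamp."""
    root = ET.fromstring(nmap_xml)
    scan_start = root.get("start")
    found = []
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue
        hostname = host.find("hostnames/hostname")
        for port in host.iter("port"):
            for script in port.iter("script"):
                if script.get("id") != "dns-recursion":
                    continue
                if (script.get("output") or "").startswith("Recursion appears to be enabled"):
                    found.append({
                        "ip": addr.get("addr"),
                        "hostname": hostname.get("name") if hostname is not None else None,
                        "port": f"{port.get('protocol')}/{port.get('portid')}",
                        "scan_start": scan_start,
                    })
    return found


def diff_scans(previous_ips, current_ips):
    """Compare the open-resolver sets of two scans: what appeared, what was fixed, what remains."""
    prev, cur = set(previous_ips), set(current_ips)
    return {"new": sorted(cur - prev), "fixed": sorted(prev - cur), "still_open": sorted(prev & cur)}


if __name__ == "__main__":
    current = open_resolvers(SAMPLE_NMAP_XML)
    print(current)
    # Pretend an earlier scan had found 192.0.2.1 and 192.0.2.9 open.
    print(diff_scans(["192.0.2.1", "192.0.2.9"], [r["ip"] for r in current]))
```

Keeping the `scan_start` timestamp with each finding is what lets you store results from many scans in one place and still answer "since when has this resolver been open", which is the bookkeeping the post is about.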

STeBB – Web pen testing

STeBB (Security Testing Browser Bundle) is an all in one web security toolkit for web application security testers. Built over Mozilla Firefox, this Linux based open source browser bundle comes with a vast array of awesome tools that help you secure your web application. STeBB runs in Debian based Linux distributions and can be used to thoroughly security test the web applications, especially the OWASP Top 10 risks. Basically it’s a web pen
Read more.

Analyze the network traffic of a TV

I recently bought a new Philips television 32PFL5008H/12. Most new televisions are ‘smart’ and this device is no different. It can connect to the Internet via a wired or wireless connection. I used the wired connection and disabled wireless. I also disabled most of the ‘smart’ features because they are not useful for my usage.

According to the included licenses this device is built on a Linux kernel 3.0.13 and includes a number of open
Read more.