Configuring Conditional SSH Connections

Over the years, OpenSSH has become the default SSH daemon in most UNIX environments as well as on other systems. It offers a lot of features which make it extremely customizable and powerful. For a while now, the “Match” keyword has been available in the list of directives. It allows conditional blocks of configuration directives. If the criteria defined [...]

Integrate Blacklisting in your Own DNS Server

When you are connected to a network (Internet or private), your TCP/IP stack must know which DNS server(s) to use to resolve host names into IP addresses. For a while now, public alternative DNS servers – like OpenDNS or Google DNS – have implemented a blacklist protection mechanism. If a domain is suspected of delivering malicious content such [...]

Attacking by Obscurity

Everybody agrees that “security by obscurity” gives a false sense of security. Under this principle, the security of an information system is (falsely) increased by hiding sensitive details. Such information can be hidden, for example: by altering the application welcome banner (in Apache, sendmail, etc.), by changing the default port (example: binding your SSH daemon [...]

How to Prevent the Windows Screensaver Autolock Feature?

A quick and dirty tip if you need to keep a Windows workstation or server console unlocked. This can be required for several purposes, good or bad. In my case, I’m working on a workstation to access network resources. I don’t have a login and cannot know the local password. Every time the screen gets [...]

The Cloud is (Sometimes) Your Best Friend!

Everything has been said about the “cloud”, or more precisely, “cloud computing”. Like any new technology, there are pros and cons, good and bad things. BTW, the cloud is not so new. For a while, lots of organizations have already used a cloud infrastructure, but it remained a “private cloud”. Since it moved to the Internet, [...]

iOS4 from a Security Point of View

The brand new firmware for the iPhone announced by Apple a few weeks ago has been publicly available since yesterday. Called “iOS4” (special dedication to cisco.com), it includes more than 100 new features like multitasking, folders, etc. I won’t review them here; there are multiple complete reviews already available online. Google is your best friend! But, [...]

Welcome to Maltego v3!

It was discussed during the last edition of BlackHat Europe: Maltego v3 was almost ready to be released. Today is D-day: the latest version is out! A quick reminder for those who still do not know the product: “Maltego is an open source intelligence and forensics application. It will offer you timous mining and gathering [...]

Never Trust the Files Downloaded from the Internet

It has become a daily action for most of us: we look for a piece of software which could improve our tasks. Google provides us with thousands of links; we select the most attractive, download it and install it (there is no restriction from the users or the operating systems). That’s the power of the Internet. [...]

Vulnerability Scanner within Nmap

Port and vulnerability scanners are common tools used by good guys as well as bad guys. Performing a port scan is one of the first operations required to find potential vulnerabilities on a target system. That’s why vulnerability scanners have built-in port scanners. Writing a port scanner is really easy with a few lines of Perl: #!/usr/bin/perl use [...]

Detecting USB Storage Usage with OSSEC

Next step in my investigations with OSSEC. The possibilities of OSSEC are awesome and could clearly, in some cases, replace a commercial log management solution! After collecting the Secunia vulnerabilities into OSSEC, I switched to the “dark side”: the Microsoft Windows agent. USB sticks are very popular at the user level and are a nightmare [...]