aka some news aka don't look like half an arse sticking out of the bushes in the morning ;)
Today is Saturday, 19 May; it is Ivo's name day.
Root.cz - news not only from the Linux world
Some big problems have accompanied humanity since time immemorial and will probably stay with it forever. Even if the whole world plunges into the abyss, human culture is lost and everything changes once and for all, there will still be brave and just people who are not afraid to face the essential problems. However small they may be.
Desktop e-mail clients on Linux offer plenty of features, but their user interfaces are not among the best Linux has to offer. The Yorba team spent a year working on a new, lightweight e-mail client. It is not burdened by old code and offers users only the important functions, in a simple interface.
Sometimes even a simple idea can turn an ordinary platformer into an interesting little game and give dry, story-less content some flair. In Alter Ego you play as two characters at once, and by making them cooperate you try to reach the final goal. Everything is styled in pleasant retro 16-bit graphics.
LyX is a very useful tool for working with texts. Its advantages come into their own mainly when preparing technical texts, for which it offers a large number of useful functions. In today's article on practical use of the LyX editor we look together at how it handles mathematical formulas and bibliographies.
In today's part of the series on the history of computing we get acquainted with some of the games created for the 8-bit Atari 7800 game console described last time. It will probably be no great surprise that the concept of some games was taken from other consoles or arcade machines, but several original gaming curiosities were also created for the Atari 7800.
SAR is a performance monitoring tool. At first glance it seems to display the same information as procinfo, vmstat and iostat. But there is one difference: SAR can display not only current but also historical data. We can thus collect data in detail and prepare statistics over a long period of time.
A regular probe into the world of (mostly) open-source software. Today we present an application for watching well-known TV channels, an interesting-looking fork of SMPlayer, a CLI tool for mounting Google Drive and an EPUB editor. At the end, as usual, the popular bit of silliness.
Development of 9.2 continued along the tracks laid down by 9.0 and 9.1. Because some debatable questions were resolved last year and the year before, the past year was mainly and only about work. Not that there were never heated discussions. But almost always a compromise was found fairly quickly, and it was often better than the original proposals.
In today's part of the series on computer architectures we again deal with microprocessors belonging to the ARM family. We focus on the SIMD instructions, which were not originally part of ARM microprocessors but were gradually implemented as optional extensions in some microprocessor cores.
Mobile internet access is becoming more and more affordable, so the question arises whether calls will one day be carried this way too. Over WiFi it has been possible for some time, but what about 3G, which is still relatively new here? I decided to try it and for one billing period I made calls only over VoIP.
List of fresh articles on the www.abclinuxu.cz portal
A complete overview of articles, news items and discussions from the past 7 days.
We touched on this topic earlier, but today we can show concrete measurements that not only answer the question in the title but also outline a solution to that burning problem. Besides Ivy Bridge we also look at what is going on with 3.5-inch disks and Toshiba, one very odd GeForce from Gigabyte and an even odder monitor from AOC.
XKCD in Czech.
Do you miss terrifyingly difficult arcade shoot-'em-ups? Kobo Deluxe may be just the thing for you. In principle nothing new: you move a little rocket through a two-dimensional universe, destroy everything that moves, and at the same time try to avoid other objects and what they fire at you. But the details decide...
Current version of Wine. Removal of 8086 emulation from NetBSD. Google Summer of Code 2012 started. Packages with Mono. Changes in the application database.
Current kernel version: 3.4-rc4. Quotes of the week: Rob Landley, Matt Mackall, Tejun Heo. Google launched a mirror of git.kernel.org. Interview with Linus Torvalds. O_HOT and O_COLD.
XKCD in Czech.
A complete overview of articles, news items and discussions from the past 7 days.
In today's instalment we pay off the debt promised last week. We introduce the newest dual-GPU graphics card from Nvidia, talk about how TSMC is doing with 28nm production and what a very nice ARM CPU it managed to produce, and round it off with new enterprise SSDs from Hitachi and one very, very large television from Panasonic.
XKCD in Czech.
Today we look at how to migrate a system, what to watch out for, which solution to choose and how to migrate remotely.
Debian Security Advisories
It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect length calculation would lead to an integer underflow and an incorrect memory access, causing a denial of service (application crash).
Raúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.
Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.
Dave Love discovered that users who are allowed to submit jobs to a Grid Engine installation can escalate their privileges to root because the environment is not properly sanitized before creating processes.
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple missing input validations in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code.
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
Several vulnerabilities were identified in WordPress, a web blogging tool. As the CVEs were allocated from releases announcements and specific fixes are usually not identified, it has been decided to upgrade the wordpress package to the latest upstream version instead of backporting the patches.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.
It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regards to SAML-based authentication when used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from the other IdPs.
Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.
De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing an attacker to execute arbitrary code.
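As an added example (not part of the Debian advisory or of any tool it mentions), the following Python scans Apache combined-format access-log lines for the request shape this bug makes dangerous. The CGI convention (RFC 3875, section 4.4) passes a query string to the script as command-line arguments only when it contains no unencoded '=' character, so the scan flags requests whose raw query string has no '=' and whose first percent-decoded argument begins with an option dash. The log lines are constructed for the example, and `find_cgi_option_requests` is a hypothetical helper.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-log lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2012:10:01:22 +0000] "GET /index.php?page=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2012:10:01:25 +0000] "GET /index.php?-s HTTP/1.1" 200 8123 "-" "curl/7.22.0"
198.51.100.4 - - [12/May/2012:10:02:01 +0000] "POST /cgi-bin/php?%2Dd+allow_url_include%3DOn+-d+auto_prepend_file%3Dphp://input HTTP/1.1" 200 77 "-" "-"
203.0.113.5 - - [12/May/2012:10:03:10 +0000] "GET /search.php?q=-5+degrees HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.6 - - [12/May/2012:10:04:00 +0000] "GET /index.php?debug HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_argv_style_query(raw_query: str) -> bool:
    """True when a CGI server would hand the query string to the script as argv
    (RFC 3875 4.4: no unencoded '=') and the first decoded argument looks like an
    interpreter option. '+' is the form encoding of a space, so it separates arguments."""
    if raw_query == "" or "=" in raw_query:
        return False
    first_arg = unquote(raw_query.replace("+", " ")).lstrip().split(" ", 1)[0]
    return first_arg.startswith("-")


def find_cgi_option_requests(lines):
    """Return (client_ip, path, decoded_query) for every request whose query string
    would reach a CGI-run interpreter as command-line options."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path, _, query = m.group("target").partition("?")
        if is_argv_style_query(query):
            hits.append((m.group("ip"), path, unquote(query.replace("+", " "))))
    return hits


if __name__ == "__main__":
    for ip, path, query in find_cgi_option_requests(SAMPLE_LOG.splitlines()):
        print(f"{ip} {path} argv={query!r}")
```

Note that `q=-5+degrees` is not flagged: it contains an unencoded '=', so it never reaches argv, while `%2Dd` is flagged because the dash is only hidden by percent-encoding. A `-` inside a value is harmless; a `-` as the first argument is what matters.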
The file type identification tool, file, and its associated library, libmagic, do not properly process malformed files in the Composite Document File (CDF) format, leading to crashes.
Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Several vulnerabilities have been discovered in Quagga, a routing daemon.
Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.
Ivano Cristofolini discovered that insufficient security checks in Samba's handling of LSA RPC calls could lead to privilege escalation by gaining the take ownership privilege.
Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site scripting, script code injection and bypass of restrictions.
Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit:
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues:
Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon, resulting in potential execution of arbitrary code. Exploitation is limited to users who have been authenticated through public key authentication and for whom command restrictions are in place.
Helmut Hummel of the TYPO3 security team discovered that TYPO3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Change in Focus
Twitter attacker had proper credentials
Conficker data highlights infected networks
Google offers bounty on browser bugs
Microsoft patches as fraudsters target IE flaw
Attack on IE 0-day refined by researchers
Google: 'no timetable' on China talks
Latvian hacker tweets hard on banking whistle
Enterprise Intrusion Analysis, Part One
Responding to a Brute Force SSH Attack
ext3
WiMax: Just Another Security Challenge?
Time to Squish SQL Injection
The Scale of Security
Hacker-Tool Law Still Does Little
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
The moderator edit account functionality in Vanilla version 2.0.18.4 suffers from a cross site scripting vulnerability.
Vanilla version 2.0.18.4 with Latest Comment plugin version 1.1 suffers from a cross site scripting vulnerability.
Vanilla version 2.0.18.4 with About Me plugin version 1.1.1 suffers from a cross site scripting vulnerability.
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS, SECSH-USERAUTH, SECSH-CONNECTION, SECSH-ARCH, SECSH-FILEXFER, SECSH-DHGEX, SECSH-NUMBERS, and SECSH-PUBLICKEY.
This Metasploit module exploits a stack-based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works against Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.
The Hackers 2 Hackers Conference (H2HC) 9th edition call for papers has been announced. It is being held in Sao Paulo, Brazil from October 18th through the 23rd, 2012.
HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
This python script looks for a large amount of possible administrative interfaces on a given site.
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
This is a whitepaper that gives a complete cross site scripting walkthrough.
PHP version 5.4.3 code execution exploit for Win32.
HP VSA remote command execution exploit.
SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.
Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect length calculation would lead to an integer underflow and an incorrect memory access, causing a denial of service (application crash).
Ubuntu Security Notice 1445-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual CPU setup. An unprivileged local user could exploit this flaw to crash the system, leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system based capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
Cryptographp suffers from local file inclusion and HTTP response splitting vulnerabilities.
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.
SANS Application Security Street Fighter Blog
In this article, John Bielich and Khash Kiani introduce OAuth, and demonstrate one type of approach in which a malicious native client application can compromise sensitive end-user data. Earlier this year, Khash posted a paper entitled "Four Attacks on OAuth — How to Secure Your OAuth Implementation" that introduced a common protocol flow, with specific examples and a few insecure implementations. For more information about the protocol, various use cases and key concepts, please refer to the mentioned post and any other freely available OAuth resources on the web. This article assumes that the readers are familiar with the detailed principles behind OAuth, and that they know how to make GET and POST requests over HTTPS. However, we will still ...
Failing to properly validate input data is behind at least half of all application security problems. In order to properly validate input data, you have to start by first ensuring that all data is in the same standard, simple, consistent format — a canonical form. This is because of all the wonderful flexibility in internationalization and data formatting and encoding that modern platforms and especially the Web offer. Wonderful capabilities that attackers can take advantage of to hide malicious code inside data in all sorts of sneaky ways. Canonicalization is a conceptually simple idea: take data inputs, and convert all of it into a single, simple, consistent normalized internal format before you do anything else with it. But how exactly do you do this, and how do you know that it has been done properly? What are the steps that programmers need to take to ...
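One way to carry out the "canonical form first, validation second" step the post describes, as an added Python example that is not code from the SANS post: percent-decode until the representation stops changing, collapse Unicode compatibility characters with NFKC, reject embedded NUL, and only then run the allow-list check. `canonicalize` and `is_safe_filename` are hypothetical helpers written for this illustration, and the bound on decoding rounds is an assumption about how many encoding layers a legitimate client could ever produce.

```python
import re
import unicodedata
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: no legitimate client stacks more encoding layers than this


def canonicalize(raw: str) -> str:
    """Reduce an input to one internal form before any validation:
    1. percent-decode until the value stops changing, so %252e (double-encoded '.')
       and %2e end up identical; give up rather than loop on pathological input
    2. apply Unicode NFKC so compatibility characters (full-width '.', '/', ligatures)
       collapse to the ASCII a later layer would treat them as
    3. reject an embedded NUL, which C-based layers below would read as a terminator
    """
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    value = unicodedata.normalize("NFKC", value)
    if "\x00" in value:
        raise ValueError("embedded NUL")
    return value


# One path component: may not start with '.', so '.', '..' and dotfiles are excluded,
# and contains no separator of any kind.
FILENAME_RE = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}")


def is_safe_filename(raw: str) -> bool:
    """Allow-list check applied only after canonicalization."""
    try:
        name = canonicalize(raw)
    except ValueError:
        return False
    return FILENAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    for probe in ["report.pdf", "%252e%252e%2fetc%2fpasswd", "\uff0e\uff0e\uff0fetc", "a%00.pdf"]:
        print(repr(probe), is_safe_filename(probe))
```

The order matters: the same regex run on the raw string would accept `%252e%252e%2fetc%2fpasswd` only if `%` were allowed, and would happily accept the full-width `．．／` sequence, because neither contains an ASCII dot or slash until after canonicalization.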
Details: Affected Software: My Calendar WordPress plugin; Fixed in Version: >1.7.2; Issue Type: SQL Injection; Original Code: Found Here. This week's bug was a subtle mistake in the usage of an escaping routine. It seems the developer understood the dangers of SQL injection and therefore used an escaping routine to sanitize user-controlled input before using that input to build a SQL statement. Unfortunately, the developer overlooked a crucial characteristic and used the wrong escaping routine. Looking at the vulnerable line, we see the following:

$sql = "SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".mysql_escape_string($_GET['category_id']);

As you can clearly see, the developer chose to use the mysql_escape_string() function to escape $_GET['category_id'] before using category_id to build a SQL statement. Looking at ...
I like pushing boundaries. - Lady Gaga

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.

...snip...
</style><?php
// We do some checking to see what we're doing
if (isset($_POST['mode']) && $_POST['mode'] == 'add') {
    // Proceed with the save
    $sql = "INSERT INTO " . WP_CALENDAR_CATEGORIES_TABLE . " ...
Details: Affected Software: Corpse C&C; Fixed in Version: ?; Issue Type: SQL Injection; Original Code: Found Here. This week's bug is in Corpse C&C. SpotTheVuln reader Christina hits it right on the head: line 32 contains a ridiculous amount of SQL injection. Most of the parameters passed to the INSERT statement result in SQL injection. $id, $info, and $user are all set directly from $_GET or $_POST and are used in the SQL statement without any sanitization. Despite its name, $real_ip is also completely attacker controlled and can be used for SQL injection. getenv("HTTP_X_FORWARDED_FOR") doesn't sanitize the user-controlled value in any way. For some reason, many developers assume the X-Forwarded-For header will only specify an IP address or domain name. X-Forwarded-For can contain any characters (including angle brackets, ...
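The two Spot the Vuln bugs above (the My Calendar category_id line and the Corpse C&C X-Forwarded-For insert) are the same mistake in two shapes, so here is one added Python example, not the plugins' code or the blog's, that reproduces both against an in-memory SQLite database and puts each beside the parameterised fix. `legacy_escape` emulates what mysql_escape_string() does to a string so the point about numeric context carries over; the tables, the secret and the header values are constructed for the example.

```python
import ipaddress
import sqlite3


def legacy_escape(value: str) -> str:
    """Emulates mysql_escape_string(): backslash-escapes quotes, backslashes and a few
    control characters. Digits, spaces and SQL keywords pass through untouched."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "".join(table.get(ch, ch) for ch in value)


def make_db() -> sqlite3.Connection:
    """Constructed schema for the example: one private category and one stored secret."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE categories(category_id INTEGER, name TEXT, private INTEGER);
        INSERT INTO categories VALUES (1, 'Public events', 0);
        INSERT INTO categories VALUES (2, 'Board meetings', 1);
        CREATE TABLE users(name TEXT, secret TEXT);
        INSERT INTO users VALUES ('admin', 'hash-of-admin-password');
        CREATE TABLE visits(ip TEXT);
    """)
    return conn


def categories_vulnerable(conn, category_id: str):
    # Same shape as the My Calendar line: the value is escaped but never quoted, so the
    # escaping routine sees nothing to neutralise and the input becomes SQL syntax.
    sql = "SELECT name FROM categories WHERE category_id=" + legacy_escape(category_id)
    return [row[0] for row in conn.execute(sql)]


def categories_safe(conn, category_id: str):
    # Numeric context: convert to int (ValueError on anything else), then bind as data.
    return [row[0] for row in conn.execute(
        "SELECT name FROM categories WHERE category_id=?", (int(category_id),))]


def last_visit(conn) -> str:
    return conn.execute("SELECT ip FROM visits ORDER BY rowid DESC LIMIT 1").fetchone()[0]


def record_visit_vulnerable(conn, x_forwarded_for: str) -> str:
    # Mirrors $real_ip = getenv("HTTP_X_FORWARDED_FOR") concatenated straight into an INSERT.
    # A header of '||(SELECT secret FROM users)||' makes the "ip" column store the secret.
    conn.execute("INSERT INTO visits(ip) VALUES ('" + x_forwarded_for + "')")
    return last_visit(conn)


def record_visit_safe(conn, x_forwarded_for: str) -> str:
    # The header is a comma-separated list written by whoever was upstream: keep the first
    # element only if it parses as an IP address, then bind it as data.
    first = x_forwarded_for.split(",")[0].strip()
    ip = str(ipaddress.ip_address(first))  # ValueError for anything that is not an address
    conn.execute("INSERT INTO visits(ip) VALUES (?)", (ip,))
    return last_visit(conn)


def rejected(fn, conn, value) -> bool:
    """True when the safe variant refuses the input instead of running it."""
    try:
        fn(conn, value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(categories_vulnerable(db, "1 OR private=1"))                       # leaks the private category
    print(record_visit_vulnerable(db, "'||(SELECT secret FROM users)||'"))   # stores the secret as an "ip"
    print(record_visit_safe(db, "203.0.113.7, 10.0.0.1"))                    # 203.0.113.7
```

Escaping is a quoting-context tool: it is only meaningful when the value lands inside quotes, and which characters need escaping depends on the database (SQLite doubles quotes, MySQL accepts backslashes). Binding parameters removes the question entirely, and for an identifier that must be a number the cast is the validation.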
Where facts are few, experts are many
Updated Posts :
The post "Attacker Classes and Pyramid" has been updated to the third iteration. The post was updated in terms of coherency but I also added my OWASP BENELUX presentation entitled...
Security news : http://blog.zoller.lu
Following up on my blog post a few months ago entitled "PCI compliance, Security in isolated systems and Parking Tellers Part 1" - I took a brief look the other day at another Ticket issued by a...
Ever since I started my career in information security I was both interested and intrigued by metrics applied to vulnerabilities (or metrics in general for that matter). CVSS...
Preamble :
During my research on TLS/SSL compatibility across different operating systems and browsers I created supporting tools for myself and later decided to release them to the public....
Final release for my paper explaining the different attack vectors and impacts for (CVE-2009-3555) "TLS / SSL renegotiation vulnerability".
Added comments and corrections by Alun Jones (Who I...
A colleague of mine spotted the below while we were doing our expenses - The photograph below shows two separate receipts from two parking buildings that are not far away from each other in central...
As some regulars might have noticed I restructured this blog a bit, trying to get rid of some clutter. At the same time I updated a few specific pages I wanted to point out:
Vulnerability...
Since this is a rather old topic with both sides having valid points I will keep this post short and sweet. I have had no time to measure or investigate in depth and I don't think I will find...
This is a living blog post I will update whenever I have time and new ideas.
TOC
Introduction
Updates
Attacker Classes
Attacker Pyramid
Q&A
Introduction
The other day I was brainstorming...
Lots of good information floating around the internet on the proof of concept (dubbed 'BEAST') against TLS 1.0 by Juliano Rizzo and Thai Duong at the Ekoparty.
This blog post will be continuously...
This is a cross post from the G-SEC blog
My professional and private commitments made it difficult to maintain a healthy blogging style, I am trying to get back to some blogging on a more regular...
I stumbled across this weird PHP bug in the crypt() implementation (version 5.3.7RC5) [1]
The bug reporter states that :
"If crypt() is executed with MD5 salts, the return value consists of...
Talks / Lectures
During my career I had the opportunity to present my thoughts and views on Information Security to numerous people and organizations, below is a list of conferences I had the...
Subscribe to the RSS feed in case you are interested in updates
After Acrossecurity published an interesting vulnerability and HDmoore appears to have stumbled on the same issue, I decided to...
Ivanlef0u released a POC for the exploit used in targeted attacks :http://ivanlef0u.nibbles.fr/repo/suckme.rar
More...
Thanks @edisoar for the hint: IBM ISS collected information about the researchers that discovered and published most...
The Independent Games Festival is taking place right now, the indie games [1] below have been nominated in the category...
Copied from the post over at G-SEC:
At last. What started as an "I need an overview of best practise in SSL/TLS configuration"...
Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this...
I updated the whitepaper "TLS / SSLv3 vulnerability explained" :
Updated 18.11.2009 : Added SMTP over TLS attack scenario, added...
In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the...
I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation...
Derren Brown, the NLP master and magician, "predicted" the lottery numbers live on TV and promised to tell on Friday how he...
On a more non-technical note, I stumbled across this offer from a "renowned Luxembourgish recruitment agency." I am not sure what part...
I wrote a small summary and facts about the recent IIS 5&6 FTP 0day; note that the vulnerable part of the code can be reached without...
Educated Guesswork (converted from Atom 1.0)
The IETF RTCWEB WG has been operating on a fast track with an interim meeting between each IETF meeting. Since we needed to schedule a lot of meetings, thought it might be instructive to try to analyze a bunch of... (...)
Something annoying but also instructive happened during my build of Chromium today. Everything started when I checked out a clean version and went to do a build, only to be greeted with the following exciting error: /Users/ekr/dev/chromium/src/third_party/WebKit/Source/WebCore/WebCore.gyp ar: input.a is... (...)
Disclaimer: I am not a car guy. Read the following with that in mind. As long-time EG readers will know, I've complained in the past that my Prius has a feeble starter/electronics battery which is easy to run down even... (...)
Cryptography is great, but it's not so great if you get arrested and forced to give up your cryptographic keys. Obviously, you could claim that you've forgotten it (remember that you need a really long key to thwart exhaustive search... (...)
You have to have used git to really understand this one, but... [16] git checkout f4a56 Note: checking out 'f4a56'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard... (...)
On my way to Red Rock today to do some work, I looked in my wallet to see if I had enough money to afford my hot chocolate (paying for a $3.50 drink with a credit card is a pretty... (...)
You've of course heard by now that much of the Internet community thinks that SOPA and PIPA are bad, which is why on January 16, Wikipedia shut itself down, Google had a black bar over their logo, etc. This opinion... (...)
In Dahlia Lithwick's report on FCC v. Fox (about the FCC's TV indecency policy), she writes: Justice Stephen Breyer raises a question about why the ABC ass case is being heard together with the fleeting-expletives case. Justice Ginsburg asks whether... (...)
Spent some of today getting my 2011 charitable donations out of the way, so I've been experiencing a lot of different Web forms. Remember, these people want my money, so it would be nice if they didn't make the experience... (...)
Mark Garrison has a rather odd article in Slate arguing that we need expert advice to order beer in restaurants: It's a busy night at the D.C. restaurant Birch & Barley, as well as its casual upstairs sister joint, ChurchKey.... (...)
The first step in most Internet communications is name resolution: mapping a text-based hostname (e.g., www.educatedguesswork.org) to a numeric IP address (e.g., 69.163.249.211). This mapping is generally done via the Domain Name System (DNS), a global distributed database. The thing... (...)
I've been meaning to write something about espresso and the various technology options for making one, but I never get around to it. Now I have. I'm not an espresso-making expert, but I'm a guy who cares about espresso, has... (...)
As I wrote earlier, many oversubscribed races use a performance-based qualification process as a way of selecting participants. What I mostly passed over, however, is whether different people should have to meet different qualifying standards. If your goal is to... (...)
One of the common patterns in endurance and ultra-endurance sports is to have one or two races that everyone wants to do (the Hawaii Ironman, the Boston Marathon, Western States 100, etc.) Naturally, as soon as the sport gets popular... (...)
The MacBook (Air, Pro, etc.) are great computers, but the sealed battery is a real limitation if you want to travel with it. My Air gets about 5-6 hours of life if I'm careful, which is fine for a transcontinental... (...)
JeffH's musings on identity, security, protocols, SDOs, and tussles thereof...
If we need to, so to speak, grep a text file for the occurrence of some string, we need the grep application for it; at least on UNIX systems that is an ancient thing. On Windows we can install UnxUtils, but we cannot always install that on servers.
If PowerShell is present on the system, we can use the clumsy Select-String command.
Once you get used to something, you expect it everywhere. Since I have long used Linux with the Gnome environment as my desktop, it quite often happens that after logging into WinXXX I miss the unix commands: tail, grep etc.
UnxUtils is nicely described on Wikipedia
http://en.wikipedia.org/wiki/UnxUtils
So far I use Cygwin, but there are several more lightweight versions of UnxUtils.
http://unxutils.sourceforge.net/
The installation is clearly described here.
http://www.redantigua.com/unxutils-win.html
GNU Win II is another implementation of UnxUtils.
http://gnuwin.epfl.ch/apps/unxutils/en/
I can't say that Cygwin doesn't suit me, but I will probably gradually try the other options as well.
At my new job I received a temporary notebook, a Dell Latitude D630, an old crow, with Win7 on it. I had to put up with that hardware for about 14 days. When I went to pick up a new, powerful notebook, I was working out how to move the partially tuned system into Linux, which I intend to use together with VMware Workstation 8.0.2.
The solution was to install VMware-converter-all-5.0.0-470252.exe into Win7. With this software I then had the physical OS converted into the Workstation format. Because of a lack of local space I attached an external disk over USB and had the newly created virtual machine saved onto it. I copied the directory with the Win7.vmdk disk and the Win7.vmx file defining the VM (it begins with #!/usr/bin/vmware) into the Linux Ubuntu 12.04 LTS (beta2) space. In Workstation I then simply started the VM. After starting it I only uninstalled the nVidia drivers and installed VMware Tools, and the migrated system is where I wanted it.
I manually set up Zabbix 2.0.rc2. Already the configuration before compilation revealed new features of both the server and the agent. We gained new Java support, mainly JMX. More precisely, in the new version Zabbix has a Java gateway, also called JMX monitoring.
The current Zabbix version 1.8.11 uses ZABCAT for monitoring e.g. Tomcat servers etc.
Zabbix Java Gateway - a daemon adding native support for monitoring JMX applications.
To get it running on the Zabbix server we need a JDK and the support compiled in.
aptitude install sun-java6-jdk
./configure --enable-server --enable-java ...
New directives appeared in the server configuration.
JavaGateway=Zabbix
JavaGatewayPort=10052
StartJavaPollers=1
A new directory appeared on the server.
zabbix:/opt/zabbix-server# ls -1 -R sbin/zabbix_java/
sbin/zabbix_java/:
bin
lib
settings.sh
shutdown.sh
startup.sh
sbin/zabbix_java/bin:
zabbix-java-gateway-2.0.0rc2.jar
sbin/zabbix_java/lib:
logback-classic-0.9.27.jar
logback-console.xml
logback-core-0.9.27.jar
logback.xml
org-json-2010-12-28.jar
slf4j-api-1.6.1.jar
I will keep discovering this functionality and getting acquainted with the new features :-)
At the end of last year I let myself be lured to a Network Integration position at Telefónica O2 Czech Republic, more precisely at its subsidiary InternetHome (awful website). The possibility of working where I live was very tempting. Today I know that leaving FG was a big mistake.
The management of IH is obviously made up of very incompetent people who can't count! After some audit they decided that, as a cost-saving measure, they would fire everyone in their probation period. I had a three-month probation period. It never occurred to me that this would be a problem. And 14 days before the end I got the sack. In the photo is my little pile.
On the other hand I got thoroughly acquainted with Mikrotik and attended a free training at DNS a.s. on Juniper.
I firmly believe that when they are looking for someone again, nobody will let themselves be lured as stupidly as I did. What doesn't kill me makes me stronger, and everything bad is good for something.
I wanted to start monitoring routers with Mikrotik RouterOS using Zabbix. One option is to create a template from the text output of the snmpwalk command using the appropriate perl script. That, however, gives us a template for that particular device, which we probably don't want. For more universal use it is better to create a template for general use on Mikrotik routers.
A wide spectrum of Mikrotik versions passed through my hands. The oldest was version 3.30, then 4.x and the current 5.x versions. It must be added that the SNMP implementation differs quite a lot between MK versions. I tried to create a template for the /system resources section, starting from those values. I was forced to create one template for the 4.x version and one for 5.x.
Zabbix can use both numeric and textual OIDs. For textual ones, the set of IETF generic MIB definition files must be installed on the system. Then we can obtain some information about the device more easily.
aptitude install snmp-mibs-downloader
snmpwalk -On -c public -v 2c 10.10.1.2 IF-MIB::ifType
.1.3.6.1.2.1.2.2.1.3.1 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.2 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.3 = INTEGER: ethernetCsmacd(6)
.1.3.6.1.2.1.2.2.1.3.4 = INTEGER: ieee80211(71)
.1.3.6.1.2.1.2.2.1.3.5 = INTEGER: ieee80211(71)
.1.3.6.1.2.1.2.2.1.3.6 = INTEGER: ieee80211(71)
This Mikrotik has three ethers and three wlan cards.
snmpwalk -c public -v 2c 10.10.1.2 IF-MIB::ifNumber
IF-MIB::ifNumber.0 = INTEGER: 6
snmpwalk -On -c public -v 2c 10.10.1.2 .1.3.6.1.2.1.2.1
.1.3.6.1.2.1.2.1.0 = INTEGER: 6
Here is a clear demonstration that both the OID and the name defined by the MIB can be used.
snmpwalk -c public -v 2c 10.10.1.2 IF-MIB::ifTable
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifIndex.5 = INTEGER: 5
IF-MIB::ifIndex.6 = INTEGER: 6
IF-MIB::ifDescr.1 = STRING: ether1
IF-MIB::ifDescr.2 = STRING: ether2
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: ap54a
IF-MIB::ifDescr.5 = STRING: ap54b
IF-MIB::ifDescr.6 = STRING: ap54c
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.4 = INTEGER: ieee80211(71)
IF-MIB::ifType.5 = INTEGER: ieee80211(71)
IF-MIB::ifType.6 = INTEGER: ieee80211(71)
IF-MIB::ifMtu.1 = INTEGER: 1500
IF-MIB::ifMtu.2 = INTEGER: 1500
...
The OID IF-MIB::ifTable lists all information about the network interfaces: name, speed, MTU, errors, status etc. More is nicely described here.
Mikrotik also has its own MIB; if we do not add it to the correct directory, this message appears.
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mikrotik
MIB search path: /home/smejdil/.snmp/mibs:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (MIKROTIK-MIB): At line 1 in (none)
MIKROTIK-MIB::mikrotik: Unknown Object Identifier
We must place this file MIKROTIK-MIB.mib into one of these paths.
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mikrotik
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mtxrSystem
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mtXRouterOs
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mtxrWireless
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mtxrLicense
snmpwalk -Os -c public -v 2c 10.10.1.2 MIKROTIK-MIB::mtxrScripts
This is how we get to the values described in the MIB.
It must also be added that when trying to monitor the interfaces of several mikrotiks, I ran into inconsistent ifIndex values. On a device with, e.g., 6 interfaces I would expect the ifIndexes to be 1,2,3,4,5,6, but on some Mikrotiks I commonly saw ifIndexes 4,7,8,12,15,16, probably caused by cards being added and removed. One 1U x86 router with Mikrotik 5.x had 4 interfaces and the ifIndex was 96,97,98,99, which really took me by surprise. The solution is to have a template ifIndex_1, clone it as needed and adjust it to the value required in the particular router.
Zabbix allows creating a Template_RB443 composed of sub-templates, e.g. CPU, Ifindex1-6 etc. My experience with SNMP and Mikrotiks is rather mixed :-)
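The non-contiguous ifIndex values described above are exactly why a template should be built from the router's actual walk rather than from assumed indexes. The following is an added example, not code from the original post or from Zabbix: a POSIX shell script that parses snmpwalk output (a constructed sample modelled on the router with ifIndex 96..99 mentioned above), prints the real ifIndex to ifDescr/ifType map, checks whether the indexes run 1..N, and emits item keys that are named by interface but polled by the real index. The function names and the sample data are mine.

```shell
#!/bin/sh
# Added example (not from the original post): derive interface items from the
# router's real ifIndex values instead of assuming they run 1..N.

# Constructed snmpwalk IF-MIB::ifTable output, modelled on the 1U x86 router
# described above whose four interfaces had ifIndex 96..99.
SAMPLE_WALK='IF-MIB::ifIndex.96 = INTEGER: 96
IF-MIB::ifIndex.97 = INTEGER: 97
IF-MIB::ifIndex.98 = INTEGER: 98
IF-MIB::ifIndex.99 = INTEGER: 99
IF-MIB::ifDescr.96 = STRING: ether1
IF-MIB::ifDescr.97 = STRING: ether2
IF-MIB::ifDescr.98 = STRING: ether3
IF-MIB::ifDescr.99 = STRING: wlan1
IF-MIB::ifType.96 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.97 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.98 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.99 = INTEGER: ieee80211(71)'

# Constructed second sample with the "expected" contiguous numbering.
SAMPLE_CONTIG='IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifDescr.1 = STRING: ether1
IF-MIB::ifDescr.2 = STRING: ether2
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)'

# if_map: read snmpwalk ifTable output on stdin, print "ifIndex ifDescr ifType"
# per interface, sorted by the real index.
if_map() {
  awk '$1 ~ /^IF-MIB::ifDescr\./ { split($1, a, "."); descr[a[2]] = $4 }
       $1 ~ /^IF-MIB::ifType\./  { split($1, a, "."); itype[a[2]] = $4 }
       END { for (i in descr) print i, descr[i], itype[i] }' | sort -n
}

# indexes_contiguous: succeed (0) only when the ifIndex values are exactly 1..N.
# snmpwalk returns the rows in ascending OID order, so a running counter suffices.
indexes_contiguous() {
  awk '$1 ~ /^IF-MIB::ifIndex\./ { n++; if ($4 != n) bad = 1 }
       END { exit bad ? 1 : 0 }'
}

# zabbix_items: one "key<TAB>SNMP OID" line per interface. The key is named by
# ifDescr so the template reads the same on every box; the OID carries the
# router's real ifIndex, which is the part that differs between devices.
zabbix_items() {
  if_map | awk '{ printf "ifInOctets[%s]\tIF-MIB::ifInOctets.%s\n", $2, $1 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_WALK" | if_map
if printf '%s\n' "$SAMPLE_WALK" | indexes_contiguous; then
  echo "ifIndex runs 1..N; a generic ifIndex_1..N template would do"
else
  echo "ifIndex does NOT run 1..N; key the template on the real indexes:"
  printf '%s\n' "$SAMPLE_WALK" | zabbix_items
fi
```

On a real router replace the embedded sample with `snmpwalk -c public -v 2c <router> IF-MIB::ifTable | if_map`; the same awk works on either form of output because it keys on the `IF-MIB::ifDescr.N` and `IF-MIB::ifType.N` prefixes only.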
I had already tried the datovka application earlier, on Linux Ubuntu, for which a PPA repository is provided.
Now I use LMDE and so I set about a manual installation. I am noting here how I went about it. Datovka is written in Python.
sudo aptitude install python-gtk2
sudo aptitude install python-dev
sudo aptitude install python-setuptools
We will need to download the src tarballs from here.
wget http://www.nic.cz/public_media/datove_schranky/releases/datovka-2.0.2/src/datovka-2.0.2.tar.gz
wget http://www.nic.cz/public_media/datove_schranky/releases/datovka-2.0.2/src/dslib-2.0.2.tar.gz
wget http://www.nic.cz/public_media/datove_schranky/releases/datovka-2.0.2/src/sudsds-1.0.tar.gz
We unpack the archives one after another and run the install routine.
tar xvzf sudsds-1.0.tar.gz
cd sudsds-1.0
sudo python setup.py install --install-layout=deb
...
...
Installed /usr/lib/python2.6/dist-packages/sudsds-1.0-py2.6.egg
Processing dependencies for sudsds==1.0
Finished processing dependencies for sudsds==1.0
tar xvzf dslib-2.0.2.tar.gz
cd dslib-2.0.2
sudo python setup.py install --install-layout=deb
...
...
Using /usr/lib/pymodules/python2.6
Finished processing dependencies for dslib==2.0.2
tar xvzf datovka-2.0.2.tar.gz
cd datovka-2.0.2/
sudo python setup.py install --install-layout=deb
...
...
Using /usr/lib/pymodules/python2.6
Finished processing dependencies for datovka==2.0.2
After the installation I also edited the launcher script.
sudo joe /usr/local/bin/datovka
#!/usr/bin/python
# EASY-INSTALL-SCRIPT: 'datovka==2.0.2','datovka'
__requires__ = 'datovka==2.0.2'
import pkg_resources
pkg_resources.run_script('datovka==2.0.2', 'datovka')
A good compromise between a bike computer and a GPS tracker for the bike seems to me to be this model, the Holux gpsport 245. The price is bearable and the functionality is pleasing too.
On the manufacturer's site a USB Cable Driver (Linux) can be downloaded, but it is stitched together hastily and the required editing of some files will put many people off. Not to mention that they have the guide only for RPM-based distributions. Compiling by hand is of course possible.
I borrowed this model from biker Pavel, who has owned it since Christmas. He also put me onto it. After connecting the Holux to my work notebook with LMDE, I found out that I don't have to compile the driver by hand; I already have it in the system.
Mar 6 13:35:48 ntb kernel: [106595.448691] usb 2-1.3: new full speed USB device number 8 using ehci_hcd
Mar 6 13:35:48 ntb kernel: [106595.542836] usb 2-1.3: New USB device found, idVendor=10c4, idProduct=ea60
Mar 6 13:35:48 ntb kernel: [106595.542846] usb 2-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Mar 6 13:35:48 ntb kernel: [106595.542852] usb 2-1.3: Product: CP2102 USB to UART Bridge Controller
Mar 6 13:35:48 ntb kernel: [106595.542857] usb 2-1.3: Manufacturer: Silicon Labs
Mar 6 13:35:48 ntb kernel: [106595.542862] usb 2-1.3: SerialNumber: 0001
Mar 6 13:35:48 ntb kernel: [106595.544056] cp210x 2-1.3:1.0: cp210x converter detected
Mar 6 13:35:48 ntb mtp-probe: checking bus 2, device 8: "/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3"
Mar 6 13:35:48 ntb kernel: [106595.616610] usb 2-1.3: reset full speed USB device number 8 using ehci_hcd
Mar 6 13:35:48 ntb kernel: [106595.709390] usb 2-1.3: cp210x converter now attached to ttyUSB0
Mar 6 13:35:48 ntb mtp-probe: bus: 2, device: 8 was not an MTP device
kernel modules
smejdil@ntb:~$ lsmod | grep cp210
cp210x 21121 0
usbserial 32046 2 cp210x,garmin_gps
usbcore 124242 8
cp210x,garmin_gps,usbserial,uvcvideo,btusb,usbhid,ehci_hcd
I found the application mtkbabel for working with MTK chips from MediaTek.
mtkbabel -s 38400
MTK Test OK
MTK Firmware: Version: 1, Release: M-core_2.12, Model ID: 0000
Log format: (8800003D) UTC,LATITUDE,LONGITUDE,HEIGHT,SPEED
Size in bytes of each log record: 21 + (0 * sats_in_view)
Logging TIME interval: 3.00 s
Logging DISTANCE interval: 0.00 m
Logging SPEED limit: 0.00 km/h
Recording method on memory full: (1) OVERLAP
Log status: (000100000010) AUTOLOG_ON,OVERLAP_WHEN_FULL,ENABLE_LOG
Next write address: 14296 (0x000037D8)
Number of records: 685
To download the track I will use my favourite gpsbabel, using file type m241, which is apparently compatible with m245.
gpsbabel -t -i m241 -f /dev/ttyUSB0 -o gpx -F Holux_test.gpx
data.bin
Holux_test.gpx
gpsbabel -D 4 -t -r -w -i m241 -f /dev/ttyUSB0 -o gpx -F Nocni_vyjizdka_`date +'%F%H%M'`.gpx
The obtained tracklog can be imported e.g. into Endomondo.
http://www.raymond.cc/blog/download-mapsource-from-garmin-and-install-without-cd/
MapSource_6163.exe (Only update) Fuck off Garmin !!!
uniextract161.exe / Extract MapSource_6163.exe to Directory MapSource_6163
run first
MSmain.msi
run install
Setup.exe
Normal install (No only Update)
Morons !!!! at Garmin !!!
Since this morning I have been dealing with zabbix-agent and zabbix-server not starting after a reboot. The zabbix installation is from src, where the init scripts from the Zabbix author Alexei Vladishev are also located.
./zabbix-1.8.10/misc/init.d/debian/zabbix-server
./zabbix-1.8.10/misc/init.d/debian/zabbix-agent
These scripts work, but not at boot. They are obviously written for an older Debian. Debian Linux 6.0 ("Squeeze") uses LSB (Linux Standards Base) scripts. More is described here.
First I tried adding the appropriate section to the src init.d script. But that didn't help.
### BEGIN INIT INFO
# Provides: zabbix-server
# Required-Start: $remote_fs $network
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Should-Start: mysql
# Should-Stop: mysql
# Short-Description: Start zabbix-server daemon
### END INIT INFO
In a desktop VM I have Debian-6.0.4, so I took a snapshot of it and installed zabbix-agent and zabbix-server-mysql. And then I copied the packaged 1.8.2 init scripts, which should work.
But lo and behold, they didn't work either. So I searched further and found the problem. The default src sample configs zabbix-server.conf use the PidFile variable in /tmp, which I had wrongly kept, and that is the problem. I had both the config and the init script adjusted to use the pid in /tmp. After rewriting the server and agent configuration to the correct PID location, zabbix started working at boot.
PidFile=/var/run/zabbix-server/zabbix_server.pid
...
NAME=zabbix_server
DAEMON=/opt/zabbix-server/sbin/$NAME
DESC="Zabbix server"
DIR=/var/run/zabbix-server
PID=$DIR/$NAME.pid
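The mismatch described here is easy to reintroduce, since the src sample config and the init script each carry their own idea of where the PID file lives. Below is an added example, not from the original post or from Zabbix: a POSIX shell check that reads the PidFile= value from a zabbix .conf and the expanded $PID from the variable block of the Debian init script, reports whether they agree, and additionally warns when the PID file sits in /tmp, because /tmp is world-writable and a PID file there can be pre-created or replaced by any local user. The file names, their contents and the function names are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): check that the daemon's PidFile
# and the init script's $PID point to the same file, and flag /tmp locations.

TMPD=$(mktemp -d)

# Constructed sample: the src default config with PidFile still in /tmp.
cat > "$TMPD/zabbix_server.conf" <<'EOF'
# PidFile left at the src sample default (the mistake described above)
PidFile=/tmp/zabbix_server.pid
DBName=zabbix
EOF

# Constructed sample: the same config after the fix.
cat > "$TMPD/zabbix_server_fixed.conf" <<'EOF'
PidFile=/var/run/zabbix-server/zabbix_server.pid
DBName=zabbix
EOF

# Constructed sample: the variable block of the Debian init script.
cat > "$TMPD/zabbix-server.init" <<'EOF'
NAME=zabbix_server
DAEMON=/opt/zabbix-server/sbin/$NAME
DESC="Zabbix server"
DIR=/var/run/zabbix-server
PID=$DIR/$NAME.pid
EOF

# Constructed sample: an init script that was also pointed at /tmp.
cat > "$TMPD/zabbix-server-tmp.init" <<'EOF'
NAME=zabbix_server
DIR=/tmp
PID=$DIR/$NAME.pid
EOF

# conf_pidfile CONF: print the PidFile= value from a zabbix .conf
# (comment lines are ignored, leading whitespace tolerated).
conf_pidfile() {
  sed -n 's/^[[:space:]]*PidFile=[[:space:]]*//p' "$1" | tail -n 1
}

# init_pidfile INIT: evaluate only the UPPERCASE=value assignments of the init
# script in a subshell and print the expanded $PID.
init_pidfile() {
  ( eval "$(grep -E '^[A-Z_]+=' "$1")"; printf '%s\n' "$PID" )
}

# pidfile_check CONF INIT: 0 = consistent and not in /tmp,
#                          1 = daemon and init script disagree,
#                          2 = consistent, but the PID file lives in /tmp.
pidfile_check() {
  c=$(conf_pidfile "$1"); i=$(init_pidfile "$2")
  if [ "$c" != "$i" ]; then
    echo "MISMATCH: daemon writes $c, init script expects $i"
    return 1
  fi
  case "$c" in
    /tmp/*) echo "WARNING: $c is in world-writable /tmp"; return 2 ;;
  esac
  echo "OK: $c"
  return 0
}

# Demonstration: the broken combination, the fixed one, and the /tmp one.
pidfile_check "$TMPD/zabbix_server.conf" "$TMPD/zabbix-server.init" || :
pidfile_check "$TMPD/zabbix_server_fixed.conf" "$TMPD/zabbix-server.init" || :
pidfile_check "$TMPD/zabbix_server.conf" "$TMPD/zabbix-server-tmp.init" || :
```

Run it against the real files as `pidfile_check /opt/zabbix-server/etc/zabbix_server.conf /etc/init.d/zabbix-server`; the same check applies to zabbix_agentd.conf and its init script, since the post reports the identical mistake on the agent.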
In the past I have set up several OpenFire XMPP/Jabber servers in various combinations. I have already noted down the configuration with Active Directory, but last week I installed OpenFire against OpenLDAP on Debian and struggled with group mapping.
Brief description of the installation:
OpenFire Jabber/XMPP
http://www.igniterealtime.org/projects/openfire/
http://www.igniterealtime.org/downloads/index.jsp
Download Openfire 3.7.1
the file openfire_3.7.1_all.deb downloaded manually
Required packages
aptitude install sun-java6-jdk
aptitude install mysql-server-5.1
Creating the database.
mysql -u root -p
create database openfire;
GRANT USAGE ON openfire.* TO openfire@localhost IDENTIFIED BY 'Jabber371';
GRANT SELECT, INSERT, UPDATE, CREATE, DELETE, DROP ON openfire.* TO openfire@localhost;
FLUSH PRIVILEGES;
Installing the package
cd install
dpkg -i openfire_3.7.1_all.deb
Selecting previously deselected package openfire.
(Reading database ... 19315 files and directories currently installed.)
Unpacking openfire (from openfire_3.7.1_all.deb) ...
Setting up openfire (3.7.1) ...
adduser: Warning: The home directory `/var/lib/openfire' does not belong to the user you are currently creating.
Starting openfire: openfire.
http://jabber.domena.cz:9090/setup/index.jsp
https://jabber.domena.cz:9091/setup/index.jsp
Adjusting the system LDAP configuration
joe /etc/ldap/ldap.conf
BASE dc=domena,dc=cz
URI ldap://ldap.domena.cz
User in LDAP
dc=domena,dc=cz
cn=jabber,dc=domena,dc=cz
The use of the SRV record is written up here.
LDAP configuration in the OpenFire Web Admin for use with OpenLDAP
Host: ldap.domena.cz - an IP address is better
Port: 389
Base DN: dc="domena",dc="cz"
Administrator DN: cn="jabber",dc="domena",dc="cz"
User mapping
Username field: uid
Name: name # can be changed according to the LDAP implementation
Email: email # can be changed according to the LDAP implementation
Position: description
Group mapping
Group field: cn
Member field: memberUid
Description field: description
Posix mode: Yes No
Group filter: (&(objectClass=posixGroup))
Because I struggled with seeing the PosixGroup but not its members, I raised a question with the OpenFire community :-) And then I thought to myself what nonsense that was. Given that I already had this configuration working, I had simply overlooked it.
If I decide to run e.g. the OpenFire XMPP/Jabber server in some domain, I usually pick a name like jabber.domena.cz. At this point I can do without an SRV record.
If I have the server running on the domain jabber.domena.cz but want the JID to be jmeno.prijmeni@domena.cz, I must have the jabber server installed on the server that domena.cz points to, which is not always possible. Therefore we must use a DNS SRV record that tells jabber clients with the JID jmeno.prijmeni@domena.cz where the server is located. The records in the DNS zone look as follows.
_xmpp-server._tcp.domena.cz. 3600 IN SRV 10 0 5269 jabber.domena.cz.
_xmpp-client._tcp.domena.cz. 3600 IN SRV 10 0 5222 jabber.domena.cz.
The SRV record format is nicely described here. SRV is a record used for many other services. I first saw it used with SIP.
We can check the DNS record with the dig command.
dig @ns.cesnet.cz SRV _xmpp-server._tcp.gmail.com
dig @ns.cesnet.cz SRV _xmpp-client._tcp.gmail.com
This way we can easily find out on which hostname jabber servers run (jabber.cz, jabbim.cz, seznam.cz :-) and e.g. jabber.org) and, mainly, whether they use an SRV record.
In the log of the bind DNS server I observed queries from the XMPP client Pidgin.
04-Feb-2012 14:46:41.530 queries: info: client 192.168.0.1#58165: query: _xmpp-client._tcp.domena.cz IN SRV + (192.168.0.1)
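Two offline checks for what this post describes, as an added example and not code from the original post: a record validator that reads the SRV lines of a zone and flags a target without the trailing dot (which the name server would read as relative to the zone) or a port other than the standard 5222/5269, and a small parser for the bind query-log format shown above that lists which clients asked for XMPP SRV records. The zone input reuses the two records from the post plus one deliberately broken record; the log lines are constructed in the same format as the one above. Function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check XMPP SRV records and
# pull XMPP SRV lookups out of a bind query log. All input is constructed.

# The two records from the post plus one deliberately broken record
# (target missing its trailing dot, so it would be read relative to the zone).
ZONE='_xmpp-server._tcp.domena.cz. 3600 IN SRV 10 0 5269 jabber.domena.cz.
_xmpp-client._tcp.domena.cz. 3600 IN SRV 10 0 5222 jabber.domena.cz.
_xmpp-client._tcp.example.invalid. 3600 IN SRV 10 0 5222 jabber.example.invalid'

# srv_check: read zone lines on stdin; for each SRV record print
# "STATUS name target port [reason]" where STATUS is OK, WARN or BAD.
# Fields of a zone line: name ttl class type priority weight port target.
srv_check() {
  awk '$4 == "SRV" {
    name = $1; port = $7; target = $8; status = "OK"; why = ""
    if (name ~ /^_xmpp-client\._tcp\./ && port != 5222) { status = "WARN"; why = "non-standard client port" }
    if (name ~ /^_xmpp-server\._tcp\./ && port != 5269) { status = "WARN"; why = "non-standard server port" }
    if (target !~ /\.$/) { status = "BAD"; why = "target not fully qualified" }
    print status, name, target, port, why
  }'
}

# Constructed bind query log lines in the format shown in the post.
QUERYLOG='04-Feb-2012 14:46:41.530 queries: info: client 192.168.0.1#58165: query: _xmpp-client._tcp.domena.cz IN SRV + (192.168.0.1)
04-Feb-2012 14:46:42.101 queries: info: client 192.168.0.1#58166: query: jabber.domena.cz IN A + (192.168.0.1)
04-Feb-2012 14:47:03.877 queries: info: client 192.168.0.7#40210: query: _xmpp-server._tcp.domena.cz IN SRV + (192.168.0.1)'

# srv_lookups: read a bind query log on stdin, print "client qname" for each
# SRV lookup of an _xmpp-* name (the client source port after # is dropped).
srv_lookups() {
  awk '$7 == "query:" && $10 == "SRV" && $8 ~ /^_xmpp-/ { sub(/#.*/, "", $6); print $6, $8 }'
}

printf '%s\n' "$ZONE" | srv_check
printf '%s\n' "$QUERYLOG" | srv_lookups
```

The validator is deliberately conservative: a non-standard port is only a warning, since the whole point of SRV is that the service may live on any port, while a target lacking its trailing dot is a real zone-file error. The log parser gives a defender a quick inventory of which internal hosts are resolving XMPP service records.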

Today I uploaded the new bug-fix firmware ip1_0_3.bin into my home IP SMART BOARD, which I use as a thermostat with two sensors. I monitor the sensor via SNMP and record it in Zabbix. After the upgrade I was airing the room, and it is unbelievable how the room temperature drops within 10 minutes from 22 °C to 6 °C. Outside it was about -10 °C, I don't know exactly.
I got the chance to use an HP LaserJet 3390 printer, an AllInOne type. A colleague reported that 64-bit scan drivers for Vista, Win7 and above supposedly do not exist and will not. So I looked for a way under Linux LMDE. The Ubuntu help was useful to me.
https://help.ubuntu.com/community/HpAllInOne
My procedure was as follows:
I install SANE and the hplip drivers
apt-get install sane xsane
apt-get install hplip
hp-makeuri 192.168.10.42
HP Linux Imaging and Printing System (ver. 3.11.5)
Device URI Creation Utility ver. 5.0
Copyright (c) 2001-9 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.
CUPS URI: hp:/net/HP_LaserJet_3390?ip=192.168.10.42
SANE URI: hpaio:/net/HP_LaserJet_3390?ip=192.168.10.42
HP Fax URI: hpfax:/net/HP_LaserJet_3390?ip=192.168.10.42
Then I just run xsane with the URI
xsane hpaio:/net/HP_LaserJet_3390?ip=192.168.10.42
I am very glad when big manufacturers support Linux. One can immediately say that this model is 100% compatible with Linux. "Buy it for use with Linux :-)"
So I finally got a phone with Android. It is the HTC Desire S. A lot of water has flowed since the days when I first tested Android on the HTC TyTN II. Today there are many phones on the market and the choice is really wide.
After unboxing and turning it on I was very pleasantly surprised that importing contacts from my ancient SE K790i via Bluetooth went without any problems at all. And a non-technical user could probably manage it.
For now I am getting acquainted, which will take a while. Otherwise the battery life so far is miserable :-) which is a feature.
Update: 10.4.2012
Exchanged the black model for a grey one :-)
I don't know why, but wine is not in the LMDE repo. So I compile manually according to the wiki.
The recommended packages are described here.
Building Wine on 64-bit Debian Testing
I had to install a heap of dev packages.
I got this tablet with OS Android 2.2 #4026 into my hands for about 14 days. The TAB410 model is no longer on the manufacturer's site, so I give a link to the newer TAB420 model. It must be said right at the start that this piece simply isn't a match for the iPad. The fact that you cannot install from the regular Android Market considerably impoverishes the system. The Getjar portal is integrated for installing applications. I found a few well-known apps there, e.g. pissed-off birds - Angry Birds, which plays very nicely on the 10" display.
The tablet came to me because the web administration of a Tecomat PLC did not work. More precisely, the page requires XML support in the browser. The integrated browser displays only a white page. The reason is that, unfortunately, the Android operating system does not include XSLT transformation in its browser, so the pages cannot be displayed with it. I tried installing Opera and Firefox for Android from official sources, but it always wanted a Google account already linked with some Android phone. I am not yet the owner of an Android phone, but that will probably change soon. So I will add later whether I managed to install a regular web browser on the Yarvik TAB410.
I managed to install Opera on the tablet from this source. I chose the file opera.v11.00.1103311355.apk and after downloading it the installation went well. The PLC page is now functional.
Right on the second day at the new job I went with a colleague to pick up a Juniper SRX650 router as a test unit from DNS a.s. CITY EMPIRIA. I brought the router to the office and the next day I already had to dig into it. The serial cable I have from some Cisco router came in handy.
Juniper routers have the JUNOS system inside, which is basically FreeBSD, which allows us to run the classic userland applications: netstat, ping, tcpdump etc. There is a single package in the system and that is junos. FreeBSD is suitably modified, but it is very much there to be felt.
ntb:$ ssh 192.168.10.42
--- JUNOS 10.4R4.5 built 2011-05-06 06:14:23 UTC
smejdil@juniper> start shell
% pwd
/cf/var/home/smejdil
% uname -a
JUNOS juniper 10.4R4.5 JUNOS 10.4R4.5 #0: 2011-05-06 06:14:23 UTC builder@warth.juniper.net:/volume/build/junos/10.4/release/10.4R4.5/obj-octeon/bsd/sys/compile/JSRXNLE octeon
% pkg_info
junos JUNOS Software Release [10.4R4.5]
I was given the task of configuring the router so that it could be placed in the server room with a public IP. I also added a user and we set the appropriate policies.
Using the serial console and the appropriate cable I logged into the box.
sudo screen /dev/ttyUSB0 9600
login: root
--- JUNOS 10.4R4.5 built 2011-05-06 06:14:23 UTC
root@%
root@% cli
root>
Prompt: root@% - FreeBSD
Prompt: root> - configuration mode
Prompt: root# - editing mode
As a complete beginner I used config-wizard, which guides me through the basic settings.
root@% config-wizard
Enter host name: juniper
Please enter root password:
Retype root password:
Would you like to configure domain name? [yes,no] (no): y
Enter domain name: juniper.smejdil.cz
Would you like to configure name server? [yes, no] (no): y
Enter IP address for the name server: 195.113.144.194
Configure the following network interfaces
Identifier Interface Identifier Interface
1 ge-0/0/0 2 ge-0/0/1
3 ge-0/0/2 4 ge-0/0/3
...
Would you like to configure any of the above interfaces? [yes,no] (yes): no
Enter a new user name: smejdil
Please enter user password:
Retype user password:
Would you like to configure SNMP Network Management? [yes,no] (no): y
Enter a SNMP V2 read-only mode community string [public]:
Would you like to review configuration commands? [yes,no] (no): y
The following configuration command(s) were created:
set system host-name juniper
set system root-authentication encrypted-password-value "********"
set system name-server 195.113.144.194
set system services web-management http
set system services telnet
set system services ssh
set system domain-name smejdil.cz
set system login user smejdil class super-user authentication encrypted-password "********"
set system services web-management http
set system services telnet
set system services ssh
set snmp community "public" authorization read-only
Would you like to commit the initial configuration and exit? [yes,no]: yes
Building configuration ...
Finished.
Please type 'cli' to enter JUNOS CLI operation mode.
Further settings are done e.g. like this:
root@juniper> configure
Entering configuration mode
set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.42/30
set routing-options static route 0.0.0.0/0 next-hop 192.168.10.41
set system ntp server 195.113.144.238
set system ntp server 195.113.144.201
set system time-zone Europe/Prague
commit
This suffices for a first acquaintance.

For the Amazon Kindle e-book reader there is already support for several periodicals. I list here the ones I found.
The first GeoCoin I acquired, in 2006, SmEjDiL's Czech GeoCoin, I had my acquaintance Houmr13 carry to Malaysia, Kuala Lumpur City Center - GCVNR5, from where it unintentionally travelled to the Australian continent, where it wandered for some time. On 27.9.2008 it was placed in the cache Rocky Heights - GC18ACK, where the coin waited until 27.5.2010, when it was picked up by ZuzlaN, the son of my colleague from work, who had planned a very demanding and adventurous trip into that part of the Namadgi National Park with his Dutch friend.
Here are a few videos from their trip.
UPDATE:
ZuzlaN is writing his blog, where he presents Chapter 24 Mt Kelly, which describes in detail what they experienced.
The Tešnov dam, or the Les Království reservoir, appears in the Jameson "Fire" advert.
Here is the talkative version too.
Thanks Štěpán for the link.
If anyone uses the Last.FM service, especially with the audioscrobbler, there are several companion applications that can load data about the music being listened to.
Today I finish at FG Forrest. And I start a pleasant 14-day holiday, and from the new year I start elsewhere. At FG I learned a lot and I will certainly miss the great people.
Today was dominated by playing Urban Terror; I thoroughly enjoyed sniping. FG had its Christmas party, so most of the Náchod branch was literally gaming and the company turned into a LAN party.
Good luck, Forrest folks ...
The latest updates about WebSphere Portal
Some enterprise applications are not synchronized in a multi-cluster environment including: MigratedThemes.ear eventExplorer websiteDisplayer feedReader
CopyACSettingsCommand fails on non-existent owner
Enable UserCleanup to get target DN
The base tag cannot be set xhtml compliant
Default search collection PortalContent is displayed in the logs even though the collection doesn't exist
The IBM WebSphere Portal 8.0 server will not start properly if you switch the JavaServer Faces (JSF) implementation for a portlet application from MyFaces to SUN RI.
Group reuse causes unexpected results to PUMA API requests for group membership.
You installed Websphere Portal on the second node as a binary installation. After the secondary node was federated and clustered, Portal failed to initialize. The ClassNotFoundException found in SystemOut.log matches the description in Technote # 1586922. You then installed the fix for PM56244 and ran the ConfigEngine tasks per the instructions in the fix Readme file. After that, Portal still failed to start and threw a different ClassNotFound error: WSWS1002E: An error occurred while processing...
When you create a project with a long display title in IBM Web Content Manager, the project menu is prevented from displaying in Internet Explorer 8.
IBM Support Assistant for WebSphere Portal Version 8.0 for UNIX
IBM Support Assistant for WebSphere Portal Version 8.0 for Microsoft Windows
When configuring standalone LDAP security for IBM WebSphere Portal, the ConfigEngine wp-modify-ldap-security task fails due to a missing LDAP entity type.
Upgrade Central provides key resources for planning and deploying IBM WebSphere Portal 8.0.x
Documents for collecting troubleshooting data for IBM WebSphere Portal 8.0 aid in problem determination and save time resolving Problem Management Records (PMRs).
Collecting troubleshooting data for XMLAccess issues with IBM WebSphere Portal 8.0 expedites time to resolution by enabling IBM Support to provide informed problem analysis.
Collecting troubleshooting data for Virtual Portal issues with IBM WebSphere Portal 8.0 expedites time to resolution by enabling IBM Support to provide informed problem analysis.
IBM accelerators are integrated offerings that easily snap-on to IBM WebSphere Portal Server, helping to speed time-to-value by providing capabilities specific to and aligned with customer business challenges and needs. IBM Content Accelerator provides a powerful on-line content creation and management environment for delivering robust, high-value WebSphere Portal-based experiences that improve communication and productivity. IBM Collaboration Accelerator enables team collaboration, instant mess...
IBM accelerators are integrated offerings that easily snap-on to IBM WebSphere Portal Server, helping to speed time-to-value by providing capabilities specific to and aligned with customer business challenges and needs. IBM Content Accelerator and WebSphere Portal Server provides a powerful on-line content creation and management environment for delivering robust, high-value WebSphere Portal-based experiences that improve communication and productivity.
IBM WebSphere Portal is an enterprise portal solution with the complete portal services that are necessary to deliver a single point of personalized interaction to applications, content, business processes, and people for a unified user experience. IBM WebSphere Portal Express offers the complete set of portal services necessary to deliver a single point of personalized interaction to applications, content, business processes, and people for a unified user experience. IBM Web Content Manager is ...
IBM Customer Experience Suite combines the essential ingredients needed to deliver exceptional, differentiated web experiences, including web content management, rich social and real-time communication features, search, commerce and analytics support, personalization, rich media management, mobile device support, and comprehensive integration capabilities. The net result is an agile platform that helps organizations dramatically improve their online experiences for their customers across multipl...
IBM Intranet Experience Suite combines the essential ingredients needed to deliver exceptional, differentiated web experiences, including web content management, rich social and real-time communication features, search, commerce and analytics support, personalization, rich media management, mobile device support, and comprehensive integration capabilities. The net result is an agile platform that helps organizations dramatically improve their online experiences for their customers across multipl...
IBM accelerators are integrated offerings that easily snap-on to IBM WebSphere Portal Server, helping to speed time-to-value by providing capabilities specific to and aligned with customer business challenges and needs. IBM Collaboration Accelerator and WebSphere Portal Server enables team collaboration, instant messaging, web conferencing, and social networking to improve organizational knowledge sharing.
Collecting troubleshooting data for Portal User Management Architecture (PUMA) with IBM WebSphere Portal 8.0 helps IBM Support to understand the problem and saves time analyzing the data.
Collecting troubleshooting data for Login issues with IBM(R) WebSphere(R) Portal 8.0 expedites time to resolution by enabling IBM Support to provide informed problem analysis.
When HTTPS is configured for login, a redirect rule on the web server may prevent the POST over HTTPS from reaching the web server plug-in.
The latest updates about WebSphere Application Server
UpdateInstaller for WebSphere Application Server V7 preserved historical copies of the log file updateconfig.log.
If Installation Manager detects a partial success or failure from the config manager (configManagerLauncher.sh|bat), it
Messages stuck on Messaging engine (ME) hosting publication point and stay in pending acknowledgment mode.
Running an Install Factory created Customized Installation Package (CIP) against a previously-installed WebSphere Application Server (WSAS) to apply a fix pack upgrade produces the following message within the log.txt: The file lafiles/LA_cs could not be replaced.
How to determine the client that is causing the SECJ0371W message?
The WebSphere Application Server Performance Tuning Toolkit (PTT) is an Eclipse-based intelligent tool designed to help users tune the performance of WebSphere Application Server using data analysis and statistical inference technology. This exchange is designed to go through the main functions of PTT and includes a demo on how to use it with the built-in sample applications. Level of Difficulty: Intermediate Presenter(s): Sui Peng Fei Date: 08 May 2012
IBM(R) WebSphere(R) Application Server is the leading software foundation for service-oriented architecture (SOA) applications and services for your enterprise. With IBM WebSphere Application Server, you can build business-critical enterprise applications and solutions and combine them with innovative new functions. The WebSphere Application Server family includes and supports a range of products that help you develop and serve your business applications. These products make it easier for clients t...
WebSphere Application Server can help businesses offer richer user experiences through the rapid delivery of innovative applications. Developers can jumpstart development efforts and leverage existing skills by selecting from the comprehensive set of open standards-based programming models supported. This function allows developers to better align project needs with programming model capabilities and developer skills. WebSphere Application Server also speeds application delivery by encouraging r...
This IBM(R) Redbooks(R) publication provides information about the concepts, planning, and design of IBM WebSphere(R) Application Server V8.5 environments. The target audience of this book is IT architects and consultants who want more information about the planning and designing of application-serving environments, from small to large, and complex implementations. This book addresses the packaging and features in WebSphere Application Server V8.5 and highlights the most common implementation topologi...
SIP Proxy should use default SIP port numbers rather than ephemeral port numbers for reconnect scenarios.
A NullPointerException may occur when a JAX-RPC application receives a message that contains no elements in the SOAP Body.
Possible security exposure with WebSphere Application Server with WS-Security enabled JAX-WS applications using LTPA tokens
Updating WebSphere(R) Application Server V6.1 and V7.0 using update.bat to launch the UpdateInstaller (UPDI) will immediately return to a command prompt while a separate process is launched to run the UPDI. If a stateful return code is needed, then certain parameters will need to be used.
SHIP SDK APARS IV18371+IV19615+IV20339 AS WSAS IFIX
The pre-invalidation listener's shouldInvalidate method is not invoked for cache entries invalidated when the cache is full.
How do I migrate my Apache certificates to IBM HTTP Server?
When running the ws_ant.bat or schemaGen.bat command in WebSphere Application Server V7.0 on Windows, it will immediately end and show the error "setupCmdLine.bat was unexpected at this time". There might be some additional information in front of this error message. This occurs when the product is installed in a directory containing parenthesis characters, such as "Program Files (x86)".
A problem during packaging of the externally published APAR PM51310 would display the problem description of APAR PM53035 and has the code changes of PM53035.
The IBM Java Health Center is a tool shipped with IBM Java which includes a low overhead sampling profiler among other powerful features such as monitor contention and more. This WebSphere Support Technical Exchange is designed to cover how to use it in production environments in its headless mode, and how to analyze the results. Level of Difficulty: Intermediate Presenter(s): Kevin Grigorenko Date: 1 May 2012
Collecting data for problems with the IBM WebSphere Application Server HTTP and TCP Channel component. Gathering this MustGather information before calling IBM support will help you understand the problem and save time analyzing the data.
There is a remote exploit in the wild for PHP 5.4.3 on Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine needs to execute the malicious code, which can include any shellcode, like the ones that bind a shell to a port.
Since there is no patch available for this vulnerability yet, you might want to do the following:
Block any file upload function in your php applications to avoid risks of exploit code execution.
Use your IPS to filter known shellcodes like the ones included in metasploit.
Keep PHP at the current available version, so you know that you are not a possible target for any other vulnerability, like CVE-2012-2336 registered at the beginning of the month.
Use your HIPS to block any possible buffer overflow in your system.
Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
If you do have an Android phone, take a look if you have this application in /system/bin. At this point, only this one particular model is reported to have this application present, but it would be odd for ZTE not to use the same backdoor on other models.
Cataloging and limiting suid applications should be a standard unix hardening step. The simplest way in my opinion to find suid binaries is to use this find command:
find / -x -type f -perm +u=s
Files with the suid bit set will run as the user owning the file, not as the user executing the file. This is typically used to allow normal users to execute particular administrative tasks. So verify if you need or don't need to execute a particular binary as normal user before removing the suid bit.
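As an added example (not part of the diary), the same setuid inventory done in Python so the list can be saved and diffed on later audits; the demo tree it builds is constructed for the example and its file names are not real binaries.

```python
"""Inventory setuid/setgid files under a directory tree and diff the result
against a saved baseline.

Added example, not code from the ISC diary. It does in Python what the
diary's find command does, so the list can be kept and compared on later
audits. The demo tree built by make_demo_tree() is constructed for this
example; the file names in it are not real binaries.
"""
import os
import stat
import tempfile
from typing import Dict, List, Tuple

Hit = Tuple[str, int, int]  # (path, owner uid, st_mode)


def is_suid(mode: int) -> bool:
    """True if the setuid bit is set in a st_mode value."""
    return bool(mode & stat.S_ISUID)


def is_sgid(mode: int) -> bool:
    """True if the setgid bit is set in a st_mode value."""
    return bool(mode & stat.S_ISGID)


def find_suid(root: str, same_fs: bool = True) -> List[Hit]:
    """Walk root and return regular files with setuid or setgid set.

    same_fs=True behaves like find's -x/-xdev: directories on another
    filesystem (mounted /proc, network shares, ...) are not entered.
    Symlinks are never followed, and unreadable entries are skipped.
    """
    root_dev = os.lstat(root).st_dev
    hits: List[Hit] = []
    for dirpath, dirnames, filenames in os.walk(root):
        if same_fs:
            keep = []
            for d in dirnames:
                try:
                    if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev:
                        keep.append(d)
                except OSError:
                    pass
            dirnames[:] = keep  # prune in place so os.walk honours it
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and (is_suid(st.st_mode) or is_sgid(st.st_mode)):
                hits.append((path, st.st_uid, st.st_mode))
    return sorted(hits)


def diff_against_baseline(current: List[Hit], baseline: Dict[str, int]) -> Dict[str, List[str]]:
    """Compare a fresh inventory with a saved {path: st_mode} baseline.

    'new' lists setuid/setgid files that were not in the baseline (the
    interesting case for hardening reviews and for spotting a dropped-in
    backdoor like the one in the diary), 'missing' lists baseline entries
    that are gone or lost the bit, 'changed' lists paths whose mode differs.
    """
    now = {path: mode for path, _, mode in current}
    return {
        "new": sorted(p for p in now if p not in baseline),
        "missing": sorted(p for p in baseline if p not in now),
        "changed": sorted(p for p in now if p in baseline and now[p] != baseline[p]),
    }


def make_demo_tree() -> str:
    """Build a constructed directory with one setuid, one setgid and one plain
    file, and return its path. Setting these bits on a file you own does not
    require root."""
    root = tempfile.mkdtemp(prefix="suid-audit-")
    os.mkdir(os.path.join(root, "bin"))
    for name, mode in (("setuid-demo", 0o4755), ("setgid-demo", 0o2755), ("plain-demo", 0o755)):
        add_demo_file(root, name, mode)
    return root


def add_demo_file(root: str, name: str, mode: int = 0o4755) -> str:
    """Drop another constructed file into the demo tree (simulates a change
    between two audits) and return its path."""
    path = os.path.join(root, "bin", name)
    with open(path, "w") as f:
        f.write("#!/bin/sh\nexit 0\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    demo = make_demo_tree()
    for path, uid, mode in find_suid(demo):
        print(f"{oct(mode & 0o7777):>6} uid={uid} {path}")
```

Run it against "/" with same_fs=True for the real inventory, keep the {path: mode} dictionary, and compare on the next audit.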
Update: The file has also been found on the ZTE Skate.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Overview
One of the sections on the ISC Tools page is Information Gathering at https://isc.sans.edu/tools/#info-gathering. This collection will help you easily find out how your browser and plugins look to the outside and lists some other information lookup tools.
Features
Browser Headers - https://isc.sans.edu/tools/browserinfo.html
How a server sees your browser.
https://isc.sans.edu/tools/browserinfo.html#your-info - Your public IP and various pieces of header information
https://isc.sans.edu/tools/browserinfo.html#additional - Additional lookups that require JavaScript to be enabled
https://isc.sans.edu/tools/browserinfo.html#plain-text - Plain text information summary you can copy/paste for analysis
Browser Plugin Detector - https://isc.sans.edu/tools/adobinator.html
This page attempts to detect various browser plugins. The detection code used was created using PluginDetect.
Lists plugins detected and various version information for each.
Site Availability Check - https://isc.sans.edu/tools/sitecheck.html
Checks if hostname is reachable.
Single input box.
Displays failure if unreachable.
If reachable, outputs:
Page load time
Page size in bytes
Return status code (i.e. 200 success)
Final URL
Site DNS Check - https://isc.sans.edu/tools/dnscheck.html
Hostname to IP DNS resolver.
Single input box.
Output IP if system is able to resolve.
Whereis[IP] - https://isc.sans.edu/tools/whereis.html
Multi-line input box. Enter one(1) IP per line.
Output table contains:
IP ADDRESS queried
ASN of IP
NETWORK assignment
COUNTRY abbreviation
ISP name
RIR - Name of registry
Content Security Policy Test - https://isc.sans.edu/tools/csptest.html
Created for Firefox 4 but features may be found in other browsers.
Lots of details and information on the test outlined and explained on the page
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu
To clarify from the start: I am talking here about good old basic network firewalls. No deep packet inspection rules and no host based firewalls.
From a security point of view, firewalls offer two main functions: They regulate traffic, and they provide logs. The second part is often neglected. But look over some of the stories here, and quite frequently, you will find cases in which firewall logs tripped the scale. For example the duplicate DNS response issue earlier this week was initially found by an observant reader watching firewall logs.
When it comes to filtering, some consider firewalls not worth the trouble because they only filter on ports that are closed on the server anyway. I think this shows a lack of understanding of what a firewall can do to protect servers. My best firewall wins usually came from outbound filtering of traffic trying to leave the server.
The next argument against firewalls is that there are usually better devices to do the filtering: Proxies have real application insight, router and switch ACLs can usually pick up the low-end port filtering part. As far as the proxy is concerned: I say get one too. But proxies are usually rather complex devices to configure correctly, and I would rather get the easy stuff out of the way first using a firewall. At the same time: How do I make sure my traffic actually uses the proxy? That typically involves a firewall.
A switch or a router may have many features that are found in a classic firewall (even stateful rules and some application logic). They may be perfectly fine for a home user or a small business. However, in particular in an enterprise context, you probably want to split the firewall functionality off to a different device, and with that to a different group of people. The people dealing with routing and network performance (packet movers) are usually not the same people that are dealing with firewalls and filtering (packet droppers).
But how many modern attacks are really blocked by firewalls? Aren't they all sending a spear phishing email to the user, tricking the user into downloading malware some chinese kid wrote via the filtering proxy we installed? Next they exfiltrate the data via that same proxy (or DNS, or SMTP... or other services we have to allow)? In part, these modern attacks are a testimony to the effectiveness of firewalls. An attacker would probably rather still use the same tool they used back in the 90s to brute force file sharing passwords and download data straight from the system. But sadly, because now even some universities block file sharing using a firewall, these attacks no longer work.
Against these modern attacks, we have other defenses. Some may work against the older versions of these attacks as well. In short, these defenses can be summarized as end point protection (whitelisting, anti-virus, host based firewall, hardening of the system...). Hardening a large number of end points is however a lot more difficult than configuring a few firewalls well placed at the right choke points.
By now, you are probably going to ask yourself: Why hasn't he talked about defense in depth yet? The argument doesn't really apply if you are trying to argue removing a device. Each additional security device can be justified with defense in depth. But some security devices do not add enough value to justify the expense. I don't think defense in depth itself can be used to justify a *particular* security device. It rather justifies the fact that some of our security devices are redundant and fulfill similar,-) .
Thoughts? Flames? Use the comment feature or send us a non-public comment via the contact form.
[1]http://www.infoworld.com/d/security/the-firestorm-over-firewalls-193409
[2]http://www.networkworld.com/news/2005/070405perimeter.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
List of Reserved IPv4 Address ranges

Address Range      RFC      Suitable for Internal Network
0.0.0.0/8          RFC1122  no (any address)
10.0.0.0/8         RFC1918  yes
100.64.0.0/10      RFC6598  yes (with caution: if you are a carrier)
127.0.0.0/8        RFC1122  no (localhost)
169.254.0.0/16     RFC3927  yes (with caution: zero configuration)
172.16.0.0/12      RFC1918  yes
192.0.0.0/24       RFC5736  no (not used now, may be used later)
192.0.2.0/24       RFC5737  yes (with caution: for use in examples)
192.88.99.0/24     RFC3068  no (6-to-4 anycast)
192.168.0.0/16     RFC1918  yes
198.18.0.0/15      RFC2544  yes (with caution: for use in benchmark tests)
198.51.100.0/24    RFC5737  yes (with caution: test-net used in examples)
203.0.113.0/24     RFC5737  yes (with caution: test-net used in examples)
224.0.0.0/4        RFC3171  no (Multicast)
240.0.0.0/4        RFC1700  no (or unwise? reserved for future use)
Most interesting in this context is RFC6598 (100.64.0.0/10), which was recently assigned to provide ISPs with a range for NAT that is not going to conflict with their customers' NAT networks. It has been a more and more common problem that NAT'ed networks, once connected with each other via for example a VPN tunnel, have conflicting assignments.
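An added example, not from the diary: the table above as a lookup that flags packets whose source address falls in a reserved range yet arrived on the external interface (such packets are spoofed or leaked private/CGN space, a classic firewall-log finding), plus the VPN overlap check the paragraph above alludes to. The log lines, interface names and address lists are constructed.

```python
"""Classify IPv4 addresses against the reserved ranges in the table above.

Added example, not code from the ISC diary. The (network, RFC, internal?)
table is copied from the diary exactly as listed there; the firewall log
lines, interface names and network lists below are constructed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# (network, RFC as given in the table above, usable on an internal network?)
RESERVED_V4 = [
    ("0.0.0.0/8",       "RFC1122", False),
    ("10.0.0.0/8",      "RFC1918", True),
    ("100.64.0.0/10",   "RFC6598", True),   # carrier-grade NAT, caution
    ("127.0.0.0/8",     "RFC1122", False),
    ("169.254.0.0/16",  "RFC3927", True),   # zero configuration, caution
    ("172.16.0.0/12",   "RFC1918", True),
    ("192.0.0.0/24",    "RFC5736", False),
    ("192.0.2.0/24",    "RFC5737", True),   # examples, caution
    ("192.88.99.0/24",  "RFC3068", False),  # 6-to-4 anycast
    ("192.168.0.0/16",  "RFC1918", True),
    ("198.18.0.0/15",   "RFC2544", True),   # benchmark tests, caution
    ("198.51.100.0/24", "RFC5737", True),   # test-net, caution
    ("203.0.113.0/24",  "RFC5737", True),   # test-net, caution
    ("224.0.0.0/4",     "RFC3171", False),  # multicast
    ("240.0.0.0/4",     "RFC1700", False),  # reserved for future use
]
_NETS = [(ipaddress.ip_network(n), rfc, ok) for n, rfc, ok in RESERVED_V4]


def classify(ip: str) -> Optional[Tuple[str, str, bool]]:
    """Return (network, rfc, internal_ok) for the most specific reserved range
    containing ip, or None if the address is outside every listed range."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, rfc, ok in _NETS:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rfc, ok)
    return (str(best[0]), best[1], best[2]) if best else None


def parse_line(line: str) -> Dict[str, str]:
    """Parse a constructed key=value firewall log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def flag_bogon_sources(lines: List[str], external_iface: str = "wan") -> List[Tuple[str, str, str]]:
    """Return (src, network, rfc) for packets seen on the external interface
    whose source is in a reserved range. Such packets cannot have come from
    the Internet legitimately: spoofing, or RFC1918/CGN space leaking through
    an upstream that does not filter."""
    flagged = []
    for line in lines:
        f = parse_line(line)
        if f.get("iface") != external_iface or "src" not in f:
            continue
        hit = classify(f["src"])
        if hit:
            flagged.append((f["src"], hit[0], hit[1]))
    return flagged


def vpn_conflicts(local_nets: List[str], remote_nets: List[str]) -> List[Tuple[str, str]]:
    """Return the (local, remote) network pairs that overlap, i.e. the
    conflicting assignments the diary mentions for NAT'ed sites joined by a
    VPN tunnel."""
    pairs = []
    for a in local_nets:
        for b in remote_nets:
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                pairs.append((a, b))
    return pairs


# Constructed firewall log lines; 1.2.3.4 and 5.6.7.8 stand in for routable peers.
SAMPLE_LOG = [
    "iface=wan src=10.1.2.3 dst=203.0.113.7 proto=tcp dport=445 action=drop",
    "iface=wan src=1.2.3.4 dst=203.0.113.7 proto=tcp dport=443 action=accept",
    "iface=lan src=192.168.1.20 dst=1.2.3.4 proto=udp dport=53 action=accept",
    "iface=wan src=198.18.0.9 dst=203.0.113.7 proto=tcp dport=22 action=drop",
    "iface=wan src=5.6.7.8 dst=224.0.0.251 proto=udp dport=5353 action=drop",
]

if __name__ == "__main__":
    for src, net, rfc in flag_bogon_sources(SAMPLE_LOG):
        print(f"bogon source {src} on wan: {net} ({rfc})")
    print(vpn_conflicts(["192.168.1.0/24", "10.0.0.0/8"], ["192.168.1.0/24", "100.64.0.0/10"]))
```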
Which networks did I forget? I will update the table for a couple days as comments come in.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.
HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
Ubuntu Security Notice 1445-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system based capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Secunia Security Advisory - A vulnerability has been reported in the Smart Breadcrumb module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in the Ubercart Product Keys module for Drupal, which can be exploited by malicious users to disclose sensitive information.
Secunia Security Advisory - Tielei Wang has discovered a vulnerability in LibreOffice, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Gjoko Krstic has discovered a weakness and two vulnerabilities in Artiphp, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Secunia Security Advisory - A vulnerability has been reported in HP Business Service Management, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in the pidgin-otr plugin for Pidgin, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in the Gliffy and Tempo plugins for JIRA, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Sudo, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
News around The Hacker's Choice including releases, papers, exploits and other activities
Hydra v6.5 is now available! New: default password list script, major http-form module improvements (user defined http headers, cookie learning URL, intelligent cookie learning, etc.) - now works against OWA :-), plus bugfixes
Hydra v6.4 is now available with module enhancements and bugfixes
THC T-Shirts for 2011 can now be ordered. Orders must be made until the 20th of May 1pm CET. Email vanHauser AtTheGlorious thc.org. T-Shirts are reserved for friends and the coolest of the coolest. If you are unsure if you qualify as a friend, chances are you don't.
Get the new thc-ipv6 v1.6 release - lots of cool new tools and features! :-)
Hydra v6.3 is available with new oracle and smtp-enum modules, many module enhancements, bugfixes and more
Amap v5.4 is now available which fixes an IPv6 bug introduced in v5.3. I am getting old.
Amap v5.3 is now available. It is not supported anymore, however as there is no tool available which performs IPv6 UDP port scanning, amap was updated to better support IPv6. Have fun!
Hydra v6.2 is available with a new password bruteforcing mode, new xmpp and irc module, and MD5/SHA1/.. support for a lot of modules! :-)
Join the THC t-shirt design contest! Submit your design until the 8th may and win! More information at http://www.thc.org/thc-contest
Hydra v6.1 is available with SSHv1 support, a few fixes and mainly license updates for the Debian guys. Tested to work on Linux, Cygwin, Solaris 11, FreeBSD 8.1 and OSX.
The Hacker Quarterly
We've begun work on the 2013 Hacker Calendar after a really good response to the 2012 edition. This time the theme is surveillance, something near and dear to all of us.
The Spring issue of 2600 has been officially released in digital and paper versions worldwide. If you're a subscriber, you likely already have gotten the Spring issue delivered to you. If not, it should be in your hands really soon. For those of you who get 2600 at bookstores or newsstands, you can start planning your trip to those places now, as we believe the issues are already on the stands. For those of you in the electronic world, your issues will be ready in a matter of seconds, or even less if you've got a Kindle subscription, as your copy will have already been magically beamed to your Kindle device. We're still trying to get on the Barnes and Noble subscription list, but until that happens, you can pick up individual issues on their site.
So we've taken the next step in our digital publishing project. We've gone all the way back to 1984, our first year publishing, and put together "The Hacker Digest - Volume 1" for Kindles, Nooks, tablets, computers, the works. It's all DRM-free as well.
For the entire month of April, we will be donating ten percent of the amount brought in from HOPE ticket sales to the Electronic Frontier Foundation.
We will have a live interview with Richard O'Dwyer's mother on tonight's edition of "Off The Hook," to be aired at 7 pm ET over WBAI-FM and online.
As part of the grand finale of the WBAI Winter fundraiser, "Off The Hook" will have a special two-hour program tonight featuring none other than The Yes Men, who will join us live to discuss their latest antics, as well as the many amazing accomplishments of their past.
The first of two Voice of Long Island reunion shows is now online. This was a spur of the moment reunion program with no advance warning to listeners that aired on Friday night/Saturday morning, January 3rd, 1987 from midnight to 3:00 am (the show's original timeslot during its 1981-1983 run). You can stream or download the show in high or low fidelity at this link.
We're happy to announce that one of our keynote addresses at HOPE Number Nine this summer will be given by The Yes Men, in what will surely be a lively, enlightening, and inspirational presentation.
News from the Debian distribution
Today I finished a fantastic book about how transport works, why there are so many fatal collisions and...
Not even a year has passed since the first StartupWeekend in Bratislava and the next one is already here. If, at the last one, you...
I think success can easily cloud the brain.
You may have caught the news a few days ago about...
I am writing these notes primarily for myself, to preserve as much information as possible. I am writing them on...
Several of you know that at the beginning of last year I swapped all sorts of means of transport for my feet...
Two months have already passed since we published our introductory (welcoming? in Slovak that sounds quite...
For two weeks now I have been trying in vain to write my assessment of the very first StartupWeekend in Slovakia....
A short, quick and apt presentation (pitch) of your startup tends to be one of the most difficult duties,...
Since the beginning of the year we have been meeting in our new offices. Other companies should join us soon so that we don't get lonely.
A very good talk by Ondrej Bartos on investing, entrepreneurship and his experiences with...
We are born into the arms of strangers we did not choose, in a place where we perhaps did not want to live....
I am starting to get the feeling that the label "investor" has become considerably debased in our parts. Several...
A week or two ago I took part as a speaker in the pleasant Unicamp conference. As part of...
Root.cz - information not only from the world of Linux
Recently Valve confirmed that it really is preparing Steam and the Source Engine for Linux. Good news at first glance. Richard Stallman, however, reflects on Gnu.org on the ethics of such a move. It will help spread Linux among...
Do you like Linux? Does it inspire you? Then The Linux Foundation has announced this year's edition of its contest precisely for you. Its goal is to design a T-shirt on the theme "Inspired by Linux". The rules are fairly simple and you can submit your designs until 8 June...
Google has patented gesture control using glasses. It is probably one of the features of the Google Glass project, smart glasses. Interestingly, everything is built on special markers on the hand, which are captured by a camera...
How to think about the people who will use your user interface and not waste their attention and willingness to work with your website or program? How to proceed from business goals to behavioural ones? How to design with the Design Studio method? All of this is...
The developers have decided on another delay of the release of the new version of the Fedora distribution. Fedora 17 "Beefy Miracle" was originally due out on 8 May 2012, the last announced date was 22 May, and now the date slips another week to 29 May. The reason is...
In May the release of the next version of Linux Mint awaits us. Version 13 "Maya" will also be an LTS release supported until May 2017. The new features can already be tried today in the release candidate. Two editions are available, MATE and Cinnamon. The Softpedia.com site...
The Fabulator.cz site has published a guide on how to write your own WordPress shortcode for displaying current ČNB exchange rates. Everything is built on a cron job that parses data from the ČNB and updates it every hour (which is not really necessary, because the ČNB rates...
Yesterday Google introduced a feature that fundamentally extends its approach to search: "Knowledge Graph". For now, however, only those who use Google in the "U.S. English" language will gradually start to see it. For Google's search engine the internet has so far been just an enormous...
On the occasion of the release of Fedora 17, three parties will be held in the Czech Republic and Slovakia. One will be, as is now traditional, at the Red Hat office in Brno (Tuesday 12 June). Another will take place at the Silicon Hill training centre at Strahov in Prague (Saturday 16 June) and the third...
The CZ.NIC association today released a new version of the cross-platform client iDatovka; version 2.3 contains a small accessibility improvement for blind and visually impaired users. Thanks for adding this functionality go to the non-profit company Brailcom,...
A new version of the Icinga monitoring tool, 1.7, has been released. It introduces a new lib directory intended for extension libraries, adds options to the configure script for easier packaging, fixes several bugs, improves...
The Wine Mono project tries to combine Wine and Mono so that an external .NET framework does not have to be installed to run some applications. It is used in a whole range of applications and sometimes cannot be run in plain Mono. A new version of Wine Mono appeared...
Google plans to change the system used so far for producing Nexus phones. For those, one manufacturer was always selected to take care of one generation's device. That manufacturer got access to the unreleased source code of the currently developed...
Chrome 19 appeared a few days ago, and a post on the Chromium blog points out that this version contains experimental support for Web Intents. This is a very important feature that will bring web applications closer to those...
At the start of the week a new version of the specialised live distribution PartedMagic, 2012_05_14, was released. It brings a new 3.3.6 kernel, X.org Server 1.12.1, SpaceFM now replaces the original PCManFM-Mod, Udisks likewise replaces the original PMount, and there is now also an option to enable...
The Wplift.com site has prepared a list of the fifteen most entertaining and best infographics about WordPress. In one place you will learn why to use WP, how your blog works, find out significant dates from WP history, add information about possible extensions...
In May 2002 Red Hat introduced its Red Hat Enterprise Linux system. That is now 10 years, and for the occasion the developers have prepared a complete timeline of important moments for Red Hat going back to 1997 (Red Hat Linux first appeared as early as...
The latest results of Nielsen's analysis (concerning the US mobile market) point to an interesting phenomenon. The original Windows Mobile platform has a 4.1% share, the new Windows Phone 1.7%. Users of the old mobile Windows are in no hurry to move to the new one...
After installing the new Ubuntu, the standard sound menu offers a volume control, the Rhythmbox player and sound preferences. Most other players you install (VLC, Clementine...) add their own link there, ideally also with the option...
Yesterday a new beta of the Firefox web browser, popular on the desktop, appeared on Google Play. Version 14 brings several new features. One of the interesting ones is that it has lowered the minimum system version requirement. The originally required...
At the end of March there was discussion of Google's plan to "penalise" overly SEO-optimised pages. According to a discussion on WebmasterWorld, roughly half of the directory sites used mainly for "SEO" are already gone from the index. It seems, then, that Google really...
Canonical has prepared interesting webinars on what is new in Ubuntu 12.04 LTS for every Thursday until the end of May. Tomorrow brings an analysis of the news for the Server edition, a week later the Desktop, and on the last day of May Ubuntu Cloud in the Server edition...
Phoronix reports that a new API for graphics card drivers is being prepared for the X Server. It should compete better with the APIs in systems like Windows or Mac OS X. It will bring Linux users support for switching between two graphics cards...
A new version of the non-linear video editor Kdenlive, 0.9, has been released. According to the release announcement, work with effects has been improved with grouping, automatic synchronisation of recordings from multiple cameras by audio has been added, the user can now...
Ubuntu Tweak 0.7.0 vyšel před necelými třemi týdny a kromě jiného přinesl podporu pro poslední Ubuntu 12.04. Celkově si ho stálo přes 60 000 uživatelů. Netrvalo to moc dlouho a už je na světě opravné vydání 0.7.1. To opravuje celkem 11 chyb,...
Linux and beyond - Yenya's blog.
Several months ago, I wrote about choosing a new bicycle. Here is the outcome: [... read more ...]
For some time, I have been considering adding two-factor authentication to my systems in order to prevent break-ins in case somebody's workstation is compromised (which is a common attack vector these days). One of the systems for one-time passwords is Google Authenticator. [... read more ...]
[...] we would also like to inform you about the following change
in your network: a new address has been assigned to you:
2001:4cc8:...::/64.[... read more ...]
The 30-year-old frame of my bike broke several weeks ago, so I will need a new bike. We had already decided to buy a new bike for my wife, so I took the frame of her present bike and remounted some components of my former bike onto it. So I don't need a new bike right now, and I have more time to decide what I want. [... read more ...]
Yesterday I read about Apache Traffic Server. My dear lazyweb, do you use something like that (or Nginx)? What is your main reason for using it? I wonder why use a user-space solution when IPVS works pretty well for load balancing.
It has been seven years since I bought my Citroën Xsara. At that time, I considered several models, looking for an estate car for my family. Having used several Škoda Felicia cars in my previous job, I definitely wanted a car from some other manufacturer. My opinion was "the car can have its problems, but at least let them be different problems than Škodas have". [... read more ...]
About a month ago, I spotted a two-page listing of source code in our printer room/kitchenette. I glanced over it briefly, and during subsequent visits to the room I became more and more fascinated by it. Finally, about a week ago, I grabbed it for myself, because nobody seemed to care about it anymore. So here it is, in all its glory: [... read more ...]
Contemporary GUI applications have several problems which, if I remember correctly, previous systems did not have. I wonder whether somebody else also considers this a problem: [... read more ...]
After installing Fedora 15 in a virtual machine, I decided to give GNOME 3 a try. Firstly, it is really slow over VNC. While GNOME 2 has been pretty usable for testing various new applications in a virtual machine, under GNOME 3 it is almost impossible. Here is a screenshot on which I will demonstrate my problems with GNOME 3: [... read more ...]
cron(8) is one of the oldest tools in UNIX. Despite that, I think cron is not something to be proud of. In my opinion, it falls into the unfixable designs category. The recent attempts to fix it (factoring out atd(8), the dirty hack that is anacron(8), etc.) show some of the problems of cron. My recent experience confirms it: [... read more ...]
The default colored output of git-diff(1) and other commands is a bit ugly in my terminal with a dark (green-on-black) color scheme. Here is how to fix it: [... read more ...]
Hello, this is your editor speaking, welcome to the "lesser known Linux feature of the day" series. Today we will cover an interesting feature of man(1) that your editor has just run into. Try running the following command: [... read more ...]
The first alternative to GNOME I decided to try is XFCE. In the LWN discussion, Jon Masters presented it as a viable replacement for GNOME. Also, it uses GTK+ like GNOME, so many applications can be the same (including, I had hoped, my window manager of choice, Sawfish). XFCE is definitely usable and configurable for power users. Most (but not all) properties can also be set using its Settings manager, and thus XFCE should also be mostly usable for ordinary users. So far the problems include: [... read more ...]
Yesterday, after reading The Grumpy Editor's GNOME 3 experience article at LWN, I decided it was time to at least make an attempt to move away from GNOME, which (much like KDE 4) decided on revolutionary instead of evolutionary development, and apparently continues its feature removal crusade in the name of so-called usability. Also, this might be a good chance to move away from Galeon after so many years. [... read more ...]
We have got new hardware for our FTP server to replace our seven-year-old server. It is amazing how the old hardware is still in many aspects on par with state-of-the-art "average workstations". The old system had 12 GB of RAM, 8 TB of disks, and dual GbE. It was one of the first 64-bit x86 systems here at the Faculty of Informatics. So, which principal improvements have the last seven years brought to server hardware (apart from speed, of course)? [... read more ...]
Zdroják - about building websites and applications
The Law of Demeter is another important design principle. It defines a restriction on which objects we should communicate with directly and which we should not. Following these recommendations makes the resulting code much less coupled and much easier to maintain.
A programmer has a hard life. He must keep learning new things all the time. Doctors do too, but anatomy did not change to version 2.0 under their hands in five years. Fortunately, today you no longer have to learn only from books. You can learn online, but above all: you can learn in person! A training course does not have to be a boring day!
In previous parts of this series we covered tips that everyone who programs in Python should know in order to make their work easier. Today we move a little further and look at how several design patterns can be applied elegantly in Python. Specifically, we will try implementing a singleton, a flyweight, a decorator and others.
In today's article we introduce the Android Query library, which, following the example of jQuery, tries to simplify some tasks on Android. We will look at its concept and then program a viewer for images from Flickr.
Design patterns, which show us how to solve typical problems when designing software in object-oriented languages, are increasingly popular. Design patterns, however, are only specific applications of deeper principles on which object-oriented design should be based. This article aims to give the reader a brief introduction to the SOLID design principles formulated by Robert "Uncle Bob" C. Martin.
Lately I have been looking quite intensively at dependency injection and the problems associated with it. While examining DI I ran into a problem that I will present here.
Mobile First? Content First? Responsive? Zeldman designed the new look of his blog quickly and efficiently, and one of the first Mobile Only websites was born.
If you work on even slightly larger projects, you cannot avoid using third-party libraries. Whether they are open-source, commercial or your own libraries, the principle of using them is always the same. You have to find the library, download the right version, unpack it, link it into the project and configure it. Fortunately there is NuGet, which does all of these operations for you.
The vast majority of your websites' users have an above-average number of fingers. This statement is true (unless you run a website for amputees). To verify it you could conduct an extensive survey and then evaluate the results with statistical software and analytical tools. You can also work it out without the research. But does anyone care?
Asynchronous programming is getting more and more attention, is slowly becoming a necessity, and we will encounter it more and more often. For example, on Windows Phone 7 it is good practice to perform demanding operations asynchronously in a separate thread so that the UI keeps responding to user input; on Windows 8 it is even mandatory to perform asynchronously every operation that may take longer than 50 milliseconds.
List of fresh news items on the www.abclinuxu.cz portal
Donald Harbison, IBM program director, announced the start of the contribution of the Lotus Symphony office suite to Apache OpenOffice.org. At the same time he announced the effective end of Lotus Symphony. It will continue to be supported only until its valuable features have been successfully assimilated by OpenOffice. A summary of the components with which Lotus Symphony can enrich the existing OpenOffice.org is available on The Apache OpenOffice Wiki.
Wikimedia UK, the British chapter of the Wikimedia Foundation, announced the launch of Monmouthpedia, a kind of Wikipedia of the Welsh town of Monmouth. All interesting locations and especially the sights in the town have been marked with plaques that, besides the Wikipedia logo, carry links in the form of QR codes. Visitors hungry for information can thus use a device with a QR code reader to reach articles and videos describing the place. These are available in 25 languages, and their number grew by roughly 500 within the project.
One of the few Linux CAD programs, QCAD, is after years of development getting version QCAD 3, written in Qt 4. According to the press release from RibbonSoft, a community edition of QCAD 3 licensed under the GNU GPL will also be available, forming a counterweight to the fresh fork of QCAD, LibreCAD.
In the discussion under bug 744193 it came to light that Linux support at launch is not a priority for the upcoming Mozilla Marketplace. Following this bug, an e-mail exchange took place between several Mozilla developers in which Firefox development lead Asa Dotzler stated that the number of Linux users among Firefox users is overestimated and that Mozilla does not have enough developers to work on Linux support in the Marketplace anyway. Rubén Martín countered that Mozilla could ask community developers for help, and at the same time warned of losing supporters from the Linux and open source side; Mozilla, he said, would not be the Mozilla we know without their support. Mozilla Marketplace will be an online store for web applications based on HTML5, CSS and JavaScript that can be used in the same way as desktop applications and run on Firefox's rendering engine (Gecko). Its current counterpart is the Chrome Web Store.
The Russian company ROSA JSC has released ROSA Marathon 2012, an LTS Linux distribution aimed at corporate environments with a planned five-year support period. Marathon 2012 is the first version of the ROSA distribution developed and built in the ABF environment, which is also a ROSA product. The system is available in Free and Extended editions, both free of charge, but only the Extended edition also includes so-called non-free software. The distribution is based on Mandriva 2011, in whose preparation ROSA also participated, and extends it with many improvements. Developers at ROSALabs now plan to focus on ROSA Desktop 2012, in short another edition of ROSA, this one intended for ordinary users. It should be released at the end of this year.
Three parties will be held in the Czech Republic and Slovakia to mark the release of Fedora 17. One will be, as is now traditional, at Red Hat's Brno office (Tuesday 12 June). Another will take place at the Silicon Hill training centre in Strahov, Prague (Saturday 16 June), and the third in Košice (date tentatively set for 14 June). All three events will have a similar programme: talks on what is new in Fedora 17 by the developers who worked on it and on how to get involved in Fedora, an accompanying quiz and refreshments. Fedora 17 DVDs, stickers and other promotional materials will be available at all of them. The results of the RedBot competition will be announced at the Brno one. A detailed programme will be published on the event pages.
We invite you to the 80th meetup of free software enthusiasts, which will be held on Friday 18 May from 6 pm at the U kormidla restaurant. We look forward to seeing you. LvB
According to StatCounter, in recent days the Google Chrome browser has become the most popular browser worldwide, overtaking the share of the once overwhelmingly dominant Internet Explorer. According to the same site, Firefox is number one in our part of the world, followed by Google Chrome and IE.
The tenth alpha of the historical RTS 0 A.D. has been released. New features include the Greek factions Athens, Macedonia and Sparta replacing the generic Greek faction, basic unique technologies and civilisation phases, wall building by drag and drop, and healing. The game has improved and more finely configurable graphics generation, new maps and new music tracks.
Version 5 of the Sage mathematics software has been released. Besides hundreds of minor fixes and improvements, the major new feature of this mash-up of many existing libraries and a web interface is support for OS X.
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
This python script looks for a large amount of possible administrative interfaces on a given site.
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
XCat is a PHP web interface for scanning sites mined through bing.com.
Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
NetcatPHPShell is a PHP backdoor that can be leveraged to launch a connect-back shell.
Netzob supports the expert in reverse engineering, evaluation, and simulation of communication protocols. Its main goals are to help security evaluators to assess the robustness of proprietary or unknown protocol implementations, simulate realistic communications to test third-party products (IDS, firewalls, etc.), and create an Open Source implementation of a proprietary or unknown protocol. Netzob provides a semi-automatic inferring process, and includes everything necessary to passively learn the vocabulary of a protocol and actively infer its grammar. The learnt protocol can afterward be simulated. Netzob handles text protocols (like HTTP and IRC), fixed field protocols (like IP and TCP), and variable field protocols (like ASN.1-based formats).
Ransack is a post exploitation shellscript for penetration testers. Its purpose is to grab any information deemed relevant on a system, post root compromise. This information may include config files, ssh keys, ssl keys, or any other information deemed valuable.
cIFrex is a small script written in PHP that supports searching for bugs in the analysis of the source code. It uses a database of regular expressions.
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
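An added example, not Samhain's or Rootkit Hunter's own code, of the core of what a file integrity checker does: hash every regular file under a root, store the baseline, and sign it so that an attacker who has gained root cannot quietly edit the database to match the backdoored files. The function names, the JSON baseline format and the `demo()` scenario in a temporary directory are assumptions of this example.

```python
"""Signed file-integrity baseline: hash a tree, HMAC-sign the database, report changes and tampering."""
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, List


def hash_tree(root: str) -> Dict[str, str]:
    """Map relative path -> SHA-256 hex digest for every regular file under root.

    Symlinks are not followed, so a link an attacker points at another file cannot
    substitute its content into the baseline.
    """
    digests: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return digests


def _canonical(digests: Dict[str, str]) -> bytes:
    # Sorted keys and fixed separators: the HMAC must cover one unambiguous byte string.
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def sign_baseline(digests: Dict[str, str], key: bytes) -> bytes:
    """Serialise the baseline with an HMAC-SHA256 tag over its canonical form (assumed format)."""
    tag = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return json.dumps({"files": digests, "hmac": tag}, sort_keys=True).encode()


def load_baseline(blob: bytes, key: bytes) -> Dict[str, str]:
    """Verify the tag in constant time before trusting a single entry; raise on mismatch."""
    doc = json.loads(blob)
    expected = hmac.new(key, _canonical(doc["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline signature mismatch: database tampered with or wrong key")
    return doc["files"]


def verifies(blob: bytes, key: bytes) -> bool:
    """True when the baseline's signature checks out under this key."""
    try:
        load_baseline(blob, key)
        return True
    except ValueError:
        return False


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Report added, removed and modified paths between a trusted baseline and a fresh scan."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then alter both the tree and the database."""
    key = b"off-host-signing-key"  # in practice kept on the log server, never on the monitored host
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "a.txt"), "wb") as f:
            f.write(b"original")
        with open(os.path.join(root, "sub", "b.txt"), "wb") as f:
            f.write(b"keep me")
        blob = sign_baseline(hash_tree(root), key)

        # Attacker activity: backdoor a.txt, drop c.txt, delete sub/b.txt.
        with open(os.path.join(root, "a.txt"), "wb") as f:
            f.write(b"backdoored")
        with open(os.path.join(root, "c.txt"), "wb") as f:
            f.write(b"new")
        os.remove(os.path.join(root, "sub", "b.txt"))
        report = compare(load_baseline(blob, key), hash_tree(root))

        # Attacker also edits the database so a.txt's hash matches the backdoor: the tag no longer verifies.
        doc = json.loads(blob)
        doc["files"]["a.txt"] = hash_tree(root)["a.txt"]
        tampered = json.dumps(doc).encode()
    return {"report": report, "tamper_detected": not verifies(tampered, key)}
```

The signing key has to live off the monitored host (Samhain keeps the signing material with the log server for this reason); a key readable by root on the same machine makes the signature decorative. Content hashes alone also miss mode, owner and mtime changes, which the real tools record as well.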
WHMCS scanning tool that uses Google to find systems that are possibly vulnerable to shell upload.
RopeADope is a log cleaning script for Linux.
CIntruder is an automatic pentesting tool to bypass CAPTCHA.
Plown is a security scanner for Plone CMS. Although Plone has a strong security track record and is generally considered highly secure, misconfigurations and weak passwords can still enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and to act as an assistant to system administrators in strengthening their Plone sites.
iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Radiography is a forensic tool which grabs as much information as possible from a Windows system. It checks registry keys related to start up processes, registry keys with Internet Explorer settings, host file contents, taskScheduler tasks, loaded system drivers, uses WinUnhide to catch hidden processes, and does much more.
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket and generates logs related to link state, neighbour cache (ARP, NDP), IP addresses (IPv4, IPv6), routes and FIB rules.
Hacking and Defending Wireless
Root.cz - information not only from the world of Linux
A detailed guide for anyone who wants to administer the Debian Linux distribution. It covers every topic a capable administrator should master, from installing and updating the system, through building packages, to compiling the kernel...
The April openMagazin is devoted to typesetting, typography and DTP. The issue's theme offers articles not only about the DTP application Scribus but also about typographic improvements for the OpenOffice.org/LibreOffice office suites. openMagazin deals with open source...
If you go to school, whether as a pupil or a teacher, the topic of school and teaching will not be foreign to you. It is also the theme of the March openMagazin, which is full of tips on programs for primary, secondary and higher education. The theme is full of varied articles from...
A complete manual for users who want to create their own Linux distribution. Step by step it describes everything that needs to be done so that at the end the operating system of your dreams boots.
The theme of the month is the office, so you will learn, for example, how to change the default look of a template, install an electronic signature or use offline dictionaries. An extensive test compares the features of the office suites Microsoft Office,...
The full text of the international Anti-Counterfeiting Trade Agreement (ACTA) in Czech.
January of the new year has arrived, and with it radical changes to the look and structure of openMagazin. The open source world is changing and we are changing with it. The overhaul affects the whole magazine and we believe you will like the changes. See for yourself. Those...
IPv6 is to become the successor of the current IPv4, the basic protocol of the Internet. Above all it should solve the acute shortage of addresses, but it also brings a number of other interesting features. In the book you will get acquainted in detail with the features of the basic protocol and its...
Do you sometimes play a game? The theme of the December openMagazin is games and gaming; we have selected several board and simulation games for you, and there is a strategy game too. Well-known games such as chess, nine men's morris, go and tic-tac-toe cannot be missing. But some are less...
Do you think that only paid software is the real thing and cannot be replaced by anything? But you do not have enough money in your company, school, household or organisation to keep paying and paying? This issue of openMagazin will show you a way to save considerable...
Written for ČRo6
I am publishing my article from December 1993 as a reaction to the latest interview of Karel Hvížďala with Václav Bělohradský
Speech by Foreign Minister Radosław Sikorski delivered on 28 November 2011 in Berlin.
An older article from Respekt (2004), so that Minister Kalousek understands what the republic may be lacking
taken from the server cs-magazin.com
From the parliamentary speech of Ján Figeľ, chairman of the KDH, in the Slovak National Council during the debate on ratifying the strengthening of the EFSF.
I am afraid I have never heard such a speech from a Czech politician
Are we coping with our past?
written in reaction to the blog of Krištof Balák
Man is an adaptable creature...
The MySecTools idea was born when a user sent an email to the handlers at the SANS Internet Storm Center, where I am a volunteer handler, asking about an updated version of Sectools.org, which is a great website.
I decided to create this site with my preferred security tools, which will be in different sections, like malware analysis tools, network tools, etc.
The tools are in alphabetical order, but updates will be placed first in their section.
And, of course, if you want to suggest a tool, just send me an email @ pbueno//@//Gmail!
You can also follow me on twitter for updates: twitter.com/besecure
*I removed the menu for mobile users, until I get a better one with no scripts.
This list of online tools contains an updated set of online resources that can help determine whether a file is malicious or whether a website hosts suspicious activity.
Anubis - "Anubis is a service for analyzing malware."
http://anubis.iseclab.org/
BitBlaze - Online Unpacker
https://aerie.cs.berkeley.edu/submitsample.php
Eureka - Sandbox
http://eureka.cyber-ta.org/
Comodo - "If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings."
http://camas.comodo.com/
Ether - "Malware Analysis via Hardware Virtualization Extensions"
http://ether.gtisc.gatech.edu/web_unpack/
IPVoid - "...allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content."
http://www.ipvoid.com
Joebox - Sandbox
http://www.joebox.org/samples.php
JSUnpack Online - Online version of the stand-alone tool jsunpack
http://jsunpack.jeek.org/dec/go
McAfee SiteAdvisor - "We test websites for spyware, spam and scams so you can search, surf and shop more safely."
http://www.siteadvisor.com
Norman SandBox - "Free uploads of program files that you suspect are malicious or infected by malicious components, and instant analysis by Norman SandBox. The result is also sent you by email."
http://www.norman.com/security_center/security_tools/submit_file/
PDF Analyzer - "View PDF objects as hex/text, PDF dissector and inspector, scan for known exploits"
http://www.malwaretracker.com/pdf.php
Sunbelt CWSandbox - "CWSandbox is an approach to automatically analyze malware which is based on behavior analysis: malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored."
http://mwanalysis.org/
ThreatExpert - "ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode."
http://www.threatexpert.com/submit.aspx
URLVoid - "allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites."
http://www.urlvoid.com/
VirusTotal - Send a file and see the detection results according to the AV vendors.
http://www.virustotal.com
Wepawet - "Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files."
http://wepawet.iseclab.org/
This list of forensics/network forensics tools contains some of the tools that can be used to extract valuable information from a system or from network capture files (usually pcap files). Imagine getting a large pcap file and needing to extract all the e-mails from it, or all the JPEGs. These tools can definitely help.
DateDecoder - "A command line tool used to decode various date/time stamps from their encoded format to human readable format."
http://www.live-forensics.com/dl/DateDecoder.zip
Draugr - "Live memory forensics (Linux (symbols, process))"
http://www.esiea-recherche.eu/~desnos/draugr/draugr.tar.gz
EchoMirage - "Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified."
http://www.bindshell.net/tools/echomirage
Foremost - "Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery."
http://foremost.sourceforge.net/
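The header/footer carving Foremost describes, as an added example rather than Foremost's own code: scan a raw byte buffer for known magic numbers, cut at the matching footer, and cap each hit at a maximum size so that a missing footer (an overwritten or truncated file) cannot swallow the rest of the image. The signature table and the constructed sample buffer are mine; the JPEG and PNG magic bytes are the real ones.

```python
"""Header/footer file carving over a raw byte stream (the technique Foremost applies to disk images)."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# kind -> (header, footer, maximum size), the same shape as a foremost.conf entry.
# Sizes are an assumption for the example; the magic bytes are the real JPEG and PNG ones.
SIGNATURES: Dict[str, Tuple[bytes, bytes, int]] = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 4 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82", 4 * 1024 * 1024),
}


@dataclass
class Carved:
    kind: str
    offset: int       # where the header starts in the image
    data: bytes
    complete: bool    # False when no footer was found within max_size and the data was cut there


def carve(buf: bytes, signatures: Dict[str, Tuple[bytes, bytes, int]] = SIGNATURES) -> Iterator[Carved]:
    """Yield every header-to-footer region for every signature.

    An unterminated header is emitted truncated at max_size rather than dropped, so fragments of
    partially overwritten files survive; the caller decides whether incomplete hits are worth keeping.
    """
    for kind, (header, footer, max_size) in signatures.items():
        pos = buf.find(header)
        while pos != -1:
            limit = min(len(buf), pos + max_size)
            end = buf.find(footer, pos + len(header), limit)  # footer must lie entirely before limit
            if end != -1:
                yield Carved(kind, pos, buf[pos:end + len(footer)], True)
                resume = end + len(footer)
            else:
                yield Carved(kind, pos, buf[pos:limit], False)
                resume = pos + len(header)  # keep scanning: a later header may be a real file
            pos = buf.find(header, resume)


def carve_bytes(buf: bytes, signatures: Dict[str, Tuple[bytes, bytes, int]] = SIGNATURES) -> List[Carved]:
    """All carved regions ordered by their offset in the image."""
    return sorted(carve(buf, signatures), key=lambda c: c.offset)


def carve_file(path: str) -> List[Carved]:
    """Carve a whole image file read into memory (use a sliding window for multi-GB images)."""
    with open(path, "rb") as f:
        return carve_bytes(f.read())


# Constructed sample "image": padding, a JPEG, junk, a PNG, a second JPEG, then a JPEG header whose
# footer never arrives (simulating a file whose tail was overwritten).
SAMPLE = (
    b"\x00" * 16
    + b"\xff\xd8\xff\xe0" + b"A" * 10 + b"\xff\xd9"
    + b"junkjunk"
    + b"\x89PNG\r\n\x1a\n" + b"P" * 6 + b"IEND\xae\x42\x60\x82"
    + b"\xff\xd8\xff\xe1" + b"B" * 5 + b"\xff\xd9"
    + b"\xff\xd8\xff\xdb" + b"C" * 7
)
```

Like any header/footer carver this assumes files are stored contiguously; fragmented files need the format-internal parsing Foremost does for some types, or a file-system-aware tool such as The Sleuth Kit. False positives are also normal: `\xff\xd8\xff` occurs inside other data often enough that carved JPEGs should be validated by decoding them.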
Forensics ToolKit - "The Forensic ToolKit(TM) contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity."
http://www.foundstone.com/us/resources/proddesc/forensictoolkit.htm
HexReader - "Reads hexoffsets from files, is primary used to then send output to datedecoder."
http://www.live-forensics.com/dl/HexReader.zip
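DateDecoder and HexReader together read a timestamp at a hex offset and convert it to something readable. As an added example (not the live-forensics.com tools themselves), here is that conversion for the two encodings most often met in Windows artefacts and log files: the 64-bit FILETIME used by the registry and NTFS, and the 32-bit Unix epoch in either byte order. The record layout of the constructed `SAMPLE_RECORD` (FILETIME at offset 0x10, big-endian Unix time at 0x18) is an assumption; the epoch constants are not.

```python
"""Decode raw timestamps found at hex offsets in registry hives, $MFT records and log files."""
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
FILETIME_UNIX_OFFSET = 116444736000000000  # 100 ns ticks from 1601-01-01 to 1970-01-01


def decode_filetime(raw: bytes) -> datetime:
    """Windows FILETIME: little-endian unsigned 64-bit count of 100 ns intervals since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw[:8])
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_unix32(raw: bytes, little_endian: bool = True) -> datetime:
    """32-bit Unix epoch seconds; the byte order depends on the producing system, so it is a parameter."""
    (secs,) = struct.unpack("<I" if little_endian else ">I", raw[:4])
    return UNIX_EPOCH + timedelta(seconds=secs)


def filetime_to_unix(ticks: int) -> float:
    """Convert a FILETIME tick count to Unix seconds (negative for dates before 1970)."""
    return (ticks - FILETIME_UNIX_OFFSET) / 10_000_000


def decode_at(blob: bytes, offset: int, kind: str) -> datetime:
    """HexReader-style access: take the bytes at an offset and decode them as `kind`.

    kind is one of "filetime", "unix32le", "unix32be".
    """
    if kind == "filetime":
        return decode_filetime(blob[offset:offset + 8])
    if kind in ("unix32le", "unix32be"):
        return decode_unix32(blob[offset:offset + 4], little_endian=kind.endswith("le"))
    raise ValueError(f"unknown timestamp kind {kind!r}")


# Constructed record (layout assumed for the example): 16 bytes of padding, a FILETIME for
# 2000-01-01 00:00:00 UTC at 0x10, then a big-endian Unix time for the same instant at 0x18.
Y2K_FILETIME = 125911584000000000
Y2K_UNIX = 946684800
SAMPLE_RECORD = b"\x00" * 16 + struct.pack("<Q", Y2K_FILETIME) + struct.pack(">I", Y2K_UNIX)
```

A quick sanity check when a decoded value looks wrong is to try the other byte order and the other epoch: a FILETIME read as Unix seconds lands in the far future or far past, and a byte-swapped Unix time usually lands decades away from the surrounding evidence.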
Hfsexplorer - "HFSExplorer is an application that can read Mac-formatted hard disks and disk images.
It can read the file systems HFS (Mac OS Standard), HFS+ (Mac OS Extended) and HFSX (Mac OS Extended with case sensitive file names)."
http://hem.bredband.net/catacombae/hfsx.html
http://www.macosxforensics.com/Downloads/Downloads.html
JSUnpack - "...it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs."
http://jsunpack.jeek.org/jsunpack-n.tgz
Memoryze - "Memoryze is designed to aid in memory analysis in incident response scenarios. However, it has many useful features that can be utilized when doing malware analysis. Memoryze is special in that it does not rely on API calls. Instead Memoryze parses the operating systems' internal structures to determine for itself what the operating system and its running processes and drivers are doing."
http://www.mandiant.com/products/free_software/memoryze/
NetworkMiner - "The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network."
http://networkminer.sourceforge.net/
PCAP Forensic Tool - "This tool, as of now, hosts the following features: Packet Summary, DNS Summary, Stream Summary, List files within stream (magic bytes), List files within archives in streams (ZIP and TAR), Extract files based on magic type, Look within ZIP and TAR archives for file type to extract, GZIP Decompression for files and archives, Extraction Summary..."
http://malforge.com/node/30
RecycleReader - "Reads XP, Vista and 7 INFO2 files"
http://www.live-forensics.com/dl/RecycleReader.zip
SleuthKit - "The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data."
http://www.sleuthkit.org/
Skipfish - "A fully automated, active web application security reconnaissance tool."
http://code.google.com/p/skipfish/
SQLiX - "SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL)."
http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
Xplico - "The goal of Xplico is to extract from an internet traffic capture the application data contained in it."
http://www.xplico.org
Xtractr - "xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps."
http://www.pcapr.net/xtractr
This non-comprehensive list of tools contains some of the ones that I use most often. I also included some that may be used as additional resources that may make some tasks easier.
Ariad - "Ariad started as a tool to prevent inserted USB sticks from executing code."
http://blog.didierstevens.com/programs/ariad/
Autorun Manager - "OSAM provides an easy one-click way of obtaining detailed information about the components that are run automatically at the system start and can potentially affect its operation."
http://www.online-solutions.ru/en/products/osam-autorun-manager.html
BinText - "A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode."
http://www.foundstone.com/us/resources/proddesc/bintext.htm
Capture-BAT - "Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents, which provides an analyst with insights on how the software operates even if no source code is available."
https://www.honeynet.org/node/315
DLLInject - "DLLInject is a simple command-line utility for loading a DLL into a target process's address space, by using the CreateRemoteThread API to execute LoadLibraryA."
http://research.eeye.com/html/tools/RT20060801-6.html
Fiddler - "Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet."
http://www.fiddler2.com
FileAlyzer - "FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE)."
http://www.safer-networking.org/en/filealyzer/index.html
F-Secure BlackLight - "F-Secure BlackLight is a tool that detects files, folders and processes hidden from the user and other programs. BlackLight is also able to remove hidden malware by renaming them."
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
GMER - http://www.gmer.net/
Helios - "Helios is an advanced malware detection system that has been designed to detect, remove and inoculate against modern rootkits. What makes it different from conventional antivirus / antispyware products is that it does not rely on a database of known signatures."
http://helios.miel-labs.com/
HijackThis - "Scan your computer to find settings changed by spyware, malware or other unwanted programs. Trend Micro HijackThis generates an in-depth report to enable you to analyze and fix your infected computer."
http://free.antivirus.com/hijackthis/
IceSword - "IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show."
http://www.antirootkit.com/software/IceSword.htm
JSUnpack - "The main difference is that it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs."
http://jsunpack.jeek.org/jsunpack-n.tgz
LordPE - "LordPE is a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit,..."
http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2007-10-21_1.48_LordPE_1.41_Deluxe_b.zip
Malcode Analyst Pack - "The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis."
http://labs.idefense.com/software/download/?downloadID=8
Malzilla - "Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It gives you various decoders to try and deobfuscate javascript as well."
http://malzilla.sourceforge.net/
McAfee FileInsight - "FileInsight is a handy integrated tool environment for web site and file analysis. Hex editing, syntax highlighting, and it comes with several built-in decoders, built-in calculator, a disassembler, JavaScript scripting support, a Python-based plugin system and many more."
http://download.nai.com/products/mcafee-avert/fileinsight.zip
McAfee Rootkit Detective - "McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system."
http://vil.nai.com/vil/stinger/rkstinger.aspx
McAfee Stinger - "Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations."
http://vil.nai.com/vil/stinger/
MS Sysinternals Tools - Especially Process Explorer, TCPView and Strings.
http://technet.microsoft.com/en-us/sysinternals/default.aspx
Ollydbg - "OllyDbg is a 32-bit assembler level analysing debugger for Microsoft(R) Windows(R). Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable."
http://www.ollydbg.de/
OllyDbg Plugins - http://www.openrce.org/downloads/browse/OllyDbg_Plugins
PEiD - "PEiD detects most common packers, cryptors and compilers for PE files."
http://www.peid.info/
PEInfo - "PEInfo is a program for a detailed analysis of the 32-bit EXE, DLL, OCX, BPL files and other produced according to Portable Executable File Format specification."
http://www.pazera-software.com/products/peinfo/
ProcessHacker - "Process Hacker is a feature-packed tool for manipulating processes and services on your computer."
http://processhacker.sourceforge.net/
Regshot - "Regshot is an open-source(GPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product."
http://sourceforge.net/projects/regshot/
RootkitRevealer - "RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit."
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Rootkit UnHooker - http://www.antirootkit.com/software/RootKit-Unhooker.htm
SpiderMonkey - "SpiderMonkey is the code-name for the Mozilla's C implementation of JavaScript."
http://www.mozilla.org/js/spidermonkey/
SpiderMonkey - DidierStevens Version - "My SpiderMonkey is a modified version of Mozilla's C implementation of JavaScript, with some extra functions to help with malware analysis."
http://blog.didierstevens.com/programs/spidermonkey/
SysAnalyzer - "SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states."
http://labs.idefense.com/software/download/?downloadID=15
User mode Process Dumper - "The User Mode Process Dumper (userdump) dumps any running Win32 process's memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc.) on the fly, without attaching a debugger or terminating target processes."
http://download.microsoft.com/download/8/c/d/8cde0b73-d917-4130-9027-b3fa5b37467c/UserModeProcessDumper8_1_2929_5.exe
WinApiOverride32 - "WinAPIOverride32 is an advanced API monitoring software. You can monitor and/or override any function of a process. This can be done for API functions or executable internal functions."
http://jacquelin.potier.free.fr/winapioverride32/
XueTr - Chinese Anti-Rootkit tool
http://xuetr.com/download/XueTr.zip
The Malicious Document Analysis section contains tools that make it easier to analyze a document (Microsoft Office or PDF), determine whether or not it is malicious, and even extract the malicious code from it.
iScanner - "iScanner is a free open source tool lets you detect and remove malicious codes and web pages malwares from your website easily and automatically."
http://iscanner.isecur1ty.org/
SWFScan - "HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform."
www.hp.com/go/swfscan
SWFTools - "SWFTools is a collection of utilities for working with Adobe Flash files (SWF files)."
http://www.swftools.org/
OfficeCat - "OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file."
http://www.snort.org/vrt/vrt-resources/officecat
OfficeMalScanner - "OfficeMalScanner v0.5 is an MS Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams."
http://reconstructer.org/code/OfficeMalScanner.zip
Offviz - "...about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called "OffVis"."
http://go.microsoft.com/fwlink/?LinkId=158791
PDF ID - "PDFiD will scan a PDF document for a given list of strings and count the occurrences."
http://www.didierstevens.com/files/software/pdfid_v0_0_10.zip
PDF Parser - "This tool will parse a PDF document to identify the fundamental elements used in the analyzed file."
http://www.didierstevens.com/files/software/pdf-parser_V0_3_7.zip
PDF Structazer - "This tool enables you to analyze PDF documents at the PDF code level and to manipulate every single PDF object in the document."
http://www.esiea-recherche.eu/data/PDF%20Structazer.exe
PDF Toolkit - "If PDF is electronic paper, then pdftk is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses."
http://www.accesspdf.com/pdftk/
PDF Inflater - "PDF_streams_inflater is a tool for extracting and decompressing zlib compressed streams from PDF documents."
Mac Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=7&lid=27
Linux Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=5&lid=26
Windows Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=6&lid=25
Web Developer Toolbar - "The Web Developer extension adds a menu and a toolbar with various web developer tools."
https://addons.mozilla.org/en-US/firefox/addon/60
XSS me - "XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities."
https://addons.mozilla.org/en-US/firefox/addon/7598
No Script - "Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks."
https://addons.mozilla.org/en-US/firefox/addon/722
SQLinject me - "SQL Inject-Me is a Firefox Extension used to test for SQL Injection vulnerabilities."
https://addons.mozilla.org/en-US/firefox/addon/7597
Hackbar - "Simple security audit / Penetration test tool."
https://addons.mozilla.org/en-US/firefox/addon/3899
Tamper data - "Use tamperdata to view and modify HTTP/HTTPS headers and post parameters..."
https://addons.mozilla.org/en-US/firefox/addon/966
Force TLS - "Force-TLS allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites."
https://addons.mozilla.org/en-US/firefox/addon/12714
Show Ip - "Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft."
https://addons.mozilla.org/en-US/firefox/addon/590
SiteAdvisor - "SiteAdvisor software adds safety ratings to your browser and search engine results."
http://sadownload.mcafee.com/products/SA/IE/upgrade/3.0.1/website/saSetup3.0.1.165.exe
FireShark - "Fireshark is a tool, made up of a Firefox plugin and a set of postprocessing scripts, that allows you to capture web traffic from the core of your web browser, enabling you to log events and download content to disk for post-process analysis."
http://fireshark.org/#download
GreaseMonkey - "Allows you to customize the way a webpage displays using small bits of JavaScript. ..."
https://addons.mozilla.org/en-US/firefox/addon/748
Firebug - "You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page..."
https://addons.mozilla.org/en-US/firefox/search?q=firebug&cat=all