z0me nuFzz

aka some news aka don't be like půl prdele z křoví in dz morning ;)

Dnes je čtvrtek 23. 2., svátek má Svatopluk

Root.cz

Root.cz - informace nejen ze světa Linuxu

+
Anonymous hrozí zničením DNS. Můžou uspět?23.02.12-00:00
Členové hnutí Anonymous přišli s další hrozbou. Na konci března chtějí zaútočit na kořenové servery DNS a vyřadit tím překlad adres na celém internetu. Pokud by se takový útok podařil, došlo by k totálnímu ochromení celé sítě. Na cestě k takovému cíli ale existuje mnoho překážek. Je možné to uskutečnit?
+
Historie vývoje počítačových her (15.část - herní konzole Atari 5200)23.02.12-00:00
Dnes si nejprve společně shrneme situaci na trhu s herními konzolemi v roce 1982 a posléze se budeme zabývat popisem konzole pojmenované Atari 5200. Tato herní konzole sice nebyla komerčně tak úspěšná, jak by si majitelé společnosti Atari přáli, ale přesto přinesla několik zajímavých vlastností.
+
DMCA: proč nestačí současný právní rámec?22.02.12-00:00
Americký zákon Digital Millenium Copyright Act (DMCA) vytvořil první moderní rámec toho, jak by měla vypadat ochrana autorských práv na internetu již v roce 1999. Dnes je mu vytýkáno, že je zastaralý, neefektivní a brání rozvoji. Co je vlastně jeho obsahem a proč je třeba jej něčím nahradit.
+
Softwarová sklizeň (22. 2. 2012)22.02.12-00:00
Pravidelná sonda do světa (převážně) otevřeného softwaru. Dnes se podíváme na minimalistický hudební přehrávač, konzolový nástroj pro stahování audiovizuálního obsahu, program pro automatickou změnu pozadí plochy napříč všemi počítači a nástroj pro šifrování volání DNS. Na závěr nemůže chybět tradiční blbinka.
+
Zálohujeme s rsnapshot21.02.12-00:00
Každý z nás nejspíš někdy slyšel o zálohovacím nástroji rsync, my si dnes ukážeme práci s programem rsnapshot, který ke svému běhu rsync používá, ale zároveň umí i archivovat. Až se vám tedy někdy stane, že budete potřebovat soubor, který jste před 14 dny smazali, s rsnapshotem nebudete mít problém.
+
Pohled pod kapotu JVM (11.část - instrukce pro tvorbu polí a přístup k prvkům polí)21.02.12-00:00
Počet již popsaných instrukcí virtuálního stroje Javy se nám utěšeně zvětšuje. V dnešní části seriálu o programovacím jazyce Java i o JVM se zaměříme na popis dalších dvaceti instrukcí. Bude se jednat o instrukce používané pro vytváření polí různých typů a pro přístup k prvkům těchto polí.
+
LibreOffice 3.5: cestou drobných zlepšení20.02.12-00:00
Populární kancelářský balík LibreOffice (původně OpenOffice.org) se dočkal nové verze, která přináší opravu velkého množství chyb i řadu užitečných funkcí. Je tak možné se těšit na lepší dialogy, pohodlnější práci s tabulkovým procesorem nebo hezčí výstupy a grafy. Žádná revoluční změna se ale nekoná.
+
Bezpečnostní střípky: společnost si devět let nevšimla průniku20.02.12-00:00
Pravidelný pondělní přehled informací vztahujících se k problematice bezpečnosti IT. Z novinek týdne upozorníme na řadu přehledů a některé příručky, dále pak na nástroj detekující zranitelnosti videokonferencí a pochopitelně na téma, které oživilo řadu médií - problémy s generováním prvočísel pro algoritmus RSA.
+
Komiks: uploaduj, posílíš mír!18.02.12-00:00
Svoboda na internetu je nás naprosto klíčová a budeme ji prosazovat všemi prostředky. Budeme si dělat co chceme, šířit si díla jaká chceme a zacházet s internetem, jak my chceme! To je totiž ta správná svoboda a takhle my to chceme dělat. Ovšem jen do chvíle, kdy někdo začne okrádat nás. To nestrpíme!
+
Admirálem ve vesmírné ,,skoro" strategii Gratuitous Space Battles17.02.12-00:00
Pokud jste při sledování nějakého sci-fi seriálu zatoužili po vtělení do role admirála velícího flotile vesmírných lodí, máte konečně šanci si splnit svůj velký sen. Gratuitous Space Battles vám umožní nejen sestavit odvážnou a nepřekonatelnou strategickou formaci, ale i vlastní bojový arzenál.

abclinuxu - aktuální články

Seznam čerstvých článků na portálu www.abclinuxu.cz

+
Komiks xkcd 1014: Potíže s autem01.01.70-01:00
XKCD česky.
+
Zpravodaj o Víně - 10. 2. 201201.01.70-01:00
Je dobré hrát si s nastavením Direct3D? Americké exportní embargo. Přeložit, nebo nepřeložit "Program Files"? (Velké) zrychlení díky wineserveru v rámci procesu.
+
Píšeme knihu ve Writeru: praktické poznatky01.01.70-01:00
K sazbě tiskových materiálů se z pravidla používá specializovaný software. Ale například knihu můžete psát prakticky v kterémkoliv textovém editoru. Sám jsem nedávno takovou zkušenost měl, a proto jsem se rozhodl se o své poznatky podělit s ostatními formou krátkých a názorných příkladů z praxe. Konkrétně se budeme věnovat rychlému použití stylů, statistice a vytvoření obsahu.
+
Jaderné noviny - 9. 2. 2012: Automatické uspávání01.01.70-01:00
Aktuální verze jádra: 3.3-rc2. Citáty týdne: Greg Kroah-Hartman, Andrew Morton, Tony Luck, Anton Altaparmakov. Intel přijde s transakční pamětí. POHMELFS se vrací. Automatické uspávání a probouzecí zámky.
+
Komiks xkcd 1018: Hodnej polda, dadaistickej polda01.01.70-01:00
XKCD česky.
+
Událo se v týdnu 7/201201.01.70-01:00
Ucelený přehled článků, zpráviček a diskusí za minulých 7 dní.
+
HW novinky: Radeony HD 7700 vůbec poprvé s double-precision v mainstreamu01.01.70-01:00
Můžeme za to poděkovat flexibilitě architektury AMD GCN, ale nově uváděné mainstreamové, tedy levné Radeony HD 7700 jsou prvními novodobými kartami, které podporují double-precision. Vedle nich se podíváme na nová SSD firmy Hitachi a vše završíme jednou zajímavou kovovou krabičkou od Olympusu ukrývající zbrusu nový CMOS čip.
+
Komiks xkcd 1013: Probuďte se, ovčani01.01.70-01:00
XKCD česky.
+
OpenAFS - uživatel01.01.70-01:00
V tomto díle se budeme věnovat čerstvě vytvořenému uživateli z minulého dílu. Založíme mu volume, nastavíme mu jednoduché zálohování a ukážeme, jak si může vytvořit vlastní skupinu.
+
Hrajeme si s FFmpeg/Libav (2/2)01.01.70-01:00
Co dnes na webu letí a jak připravit videa pro přehrávání na internetu, aby se na ně podívalo co nejvíce lidí? Co všechno vlastně dnešní webové prohlížeče podporují? Minule jsme procházeli přípravnou fází, dnes se podíváme na tu praktickou, ovšem nějaké té omáčce se stejně nevyhneme.
+
Jaderné noviny - 2. 2. 2012: Co se v Linuxu 2.6.39 stalo s diskovým výkonem01.01.70-01:00
Aktuální verze jádra: 3.3-rc2. Citáty týdne: Steven Rostedt, Linus Torvalds, Ted Ts'o, Dave Chinner. Greg Kroah-Hartmann přechází k Linux Foundation. Co se v Linuxu 2.6.39 stalo s diskovým výkonem. Zrada bitového pole.

Debian Security

Debian Security Advisories

+
DSA-2415 libmodplug - several vulnerabilities01.01.70-01:00
Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for MOD music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following issues:
+
DSA-2414 fex - insufficient input sanitization01.01.70-01:00
Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the fup script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.
+
DSA-2413 libarchive - buffer overflows01.01.70-01:00
Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading ISO 9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.
+
DSA-2412 libvorbis - buffer overflow01.01.70-01:00
It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
+
DSA-2411 mumble - information disclosure01.01.70-01:00
It was discovered that Mumble, a VoIP client, does not properly manage permissions on its user-specific configuration files, allowing other local users on the system to access them.
+
DSA-2410 libpng - integer overflow01.01.70-01:00
Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
+
DSA-2409 devscripts - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them:
+
DSA-2408 php5 - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:
+
DSA-2407 cvs - heap overflow01.01.70-01:00
It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.
+
DSA-2406 icedove - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.
+
DSA-2405 apache2 - multiple issues01.01.70-01:00
Several vulnerabilities have been found in the Apache HTTPD Server:
+
DSA-2403 php5 - code injection01.01.70-01:00
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
+
DSA-2404 xen-qemu-dm-4.0 - buffer overflow01.01.70-01:00
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of QEMU, which is used in the xen-qemu-dm-4.0 packages. This vulnerability might enable to malicious guest systems to crash the host system or escalate their privileges.
+
DSA-2384 cacti - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
+
DSA-2402 iceape - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
+
DSA-2401 tomcat6 - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been found in Tomcat, a servlet and JSP engine:
+
DSA-2400 iceweasel - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
+
DSA-2399 php5 - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues:
+
DSA-2398 curl - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in cURL, an URL transfer library. The Common Vulnerabilities and Exposures project identifies the following problems:
+
DSA-2397 icu - buffer underflow01.01.70-01:00
It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.
+
DSA-2396 qemu-kvm - buffer underflow01.01.70-01:00
Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.
+
DSA-2395 wireshark - buffer underflow01.01.70-01:00
Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code (CVE-2012-0068).
+
DSA-2394 libxml2 - several vulnerabilities01.01.70-01:00
Many security problems have been fixed in libxml2, a popular library to handle XML data files.
+
DSA-2393 bip - buffer overflow01.01.70-01:00
Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy which may allow arbitrary code execution by remote users.
+
DSA-2392 openssl - out-of-bounds read01.01.70-01:00
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.
+
DSA-2301 rails - several vulnerabilities01.01.70-01:00
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

+
Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability29.12.12-00:00
+
Vuln: Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability22.02.12-00:00
+
Vuln: Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability22.02.12-00:00
+
Vuln: Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability22.02.12-00:00
+
Bugtraq: [ MDVSA-2012:023 ] libxml201.01.70-01:00
+
Bugtraq: Multiple XSS in Chyrp01.01.70-01:00
+
Bugtraq: [ MDVSA-2012:022 ] libpng01.01.70-01:00
+
Bugtraq: Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines01.01.70-01:00
+
More rss feeds from SecurityFocus01.01.70-01:00
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

SecurityFocus News

+
News: Change in Focus10.03.10-00:00
Change in Focus
+
News: Twitter attacker had proper credentials18.12.09-00:00
Twitter attacker had proper credentials
+
News: PhotoDNA scans images for child abuse18.12.09-00:00

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
News: Conficker data highlights infected networks16.12.09-00:00
Conficker data highlights infected networks
+
Brief: Google offers bounty on browser bugs02.02.10-00:00
Google offers bounty on browser bugs
+
Brief: Cyberattacks from U.S. "greatest concern"28.01.10-00:00

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
Brief: Microsoft patches as fraudsters target IE flaw21.01.10-00:00
Microsoft patches as fraudsters target IE flaw
+
Brief: Attack on IE 0-day refined by researchers18.01.10-00:00
Attack on IE 0-day refined by researchers
+
News: Monster botnet held 800,000 people's details04.03.10-00:00

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
News: Google: 'no timetable' on China talks04.03.10-00:00
Google: 'no timetable' on China talks
+
News: Latvian hacker tweets hard on banking whistle26.02.10-00:00
Latvian hacker tweets hard on banking whistle
+
News: MS uses court order to take out Waledac botnet25.02.10-00:00

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
Infocus: Enterprise Intrusion Analysis, Part One01.01.70-01:00
Enterprise Intrusion Analysis, Part One
+
Infocus: Responding to a Brute Force SSH Attack01.01.70-01:00
Responding to a Brute Force SSH Attack
+
Infocus: Data Recovery on Linux and ext301.01.70-01:00
ext3

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
Infocus: WiMax: Just Another Security Challenge?01.01.70-01:00
WiMax: Just Another Security Challenge?
+
Gunter Ollmann: Time to Squish SQL Injection01.01.70-01:00
Time to Squish SQL Injection
+
Mark Rasch: Lazy Workers May Be Deemed Hackers01.01.70-01:00

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909 ]]>
+
Adam O'Donnell: The Scale of Security01.01.70-01:00
The Scale of Security
+
Mark Rasch: Hacker-Tool Law Still Does Little01.01.70-01:00
Hacker-Tool Law Still Does Little
+
More rss feeds from SecurityFocus01.01.70-01:00
News, Infocus, Columns, Vulnerabilities, Bugtraq ...

Files ≈ Packet Storm

Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers

+
strongSwan IPsec Implementation 4.6.222.02.12-03:58
strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
+
LiveHelpNow Chat Cross Site Scripting22.02.12-03:56
LiveHelpNow Chat suffers from a cross site scripting vulnerability.
+
ForkCMS 3.2.5 Cross Site Request Forgery / Cross Site Scripting22.02.12-03:56
ForkCMS version 3.2.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
+
WordPress SB Uploader Shell Upload22.02.12-03:54
WordPress SB Uploader suffers from a shell upload vulnerability.
+
Oxwall 1.1.1 Cross Site Scripting22.02.12-03:52
Oxwall version 1.1.1 suffers from a cross site scripting vulnerability.
+
Mercurycom MR804 Router Denial Of Service22.02.12-03:50
Mercurycom MR804 Router version 3.8.1 Build 101220 Rel.53006nB suffers from a denial of service vulnerability when fed multiple HTTP headers.
+
SocialCMS Cross Site Scripting / SQL Injection22.02.12-03:49
SocialCMS suffers from cross site scripting and remote SQL injection vulnerabilities.
+
CMS Wizard Cross Site Scripting22.02.12-03:27
CMS Wizard suffers from a cross site scripting vulnerability.
+
Cisco Linksys WAG54GS Cross Site Request Forgery22.02.12-03:25
The Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.
+
P-Chat 0.9 Cross Site Scripting22.02.12-03:21
P-Chat version 0.9 suffers from a cross site scripting vulnerability.
+
DNSChef 0.122.02.12-03:16
DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
+
Red Hat Security Advisory 2012-0324-0122.02.12-03:11
Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
+
Red Hat Security Advisory 2012-0323-0122.02.12-03:10
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
+
Red Hat Security Advisory 2012-0322-0122.02.12-03:10
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
+
Red Hat Security Advisory 2012-0321-0122.02.12-03:10
Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
+
Gentoo Linux Security Advisory 201202-0222.02.12-03:10
Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
+
Red Hat Security Advisory 2012-0309-0321.02.12-16:41
Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.
+
Red Hat Security Advisory 2012-0310-0321.02.12-16:40
Red Hat Security Advisory 2012-0310-03 - The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this flaw to corrupt the mtab file.
+
Red Hat Security Advisory 2012-0153-0321.02.12-16:39
Red Hat Security Advisory 2012-0153-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements.
+
Red Hat Security Advisory 2012-0311-0321.02.12-16:37
Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.
+
Red Hat Security Advisory 2012-0313-0321.02.12-16:36
Red Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.
+
Red Hat Security Advisory 2012-0312-0321.02.12-16:35
Red Hat Security Advisory 2012-0312-03 - The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.
+
Debian Security Advisory 2413-121.02.12-16:35
Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.
+
Red Hat Security Advisory 2012-0168-0121.02.12-16:34
Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
+
Red Hat Security Advisory 2012-0301-0321.02.12-16:33
Red Hat Security Advisory 2012-0301-03 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code.

AppSec Street Fighter - SANS Institute

SANS Application Security Street Fighter Blog

+
"Password Tracking in Malicious iOS Apps"23.08.11-08:58
In this article, John Bielich and Khash Kiani introduce OAuth, and demonstrate one type of approach in which a malicious native client application can compromise sensitive end-user data.Earlier this year, Khash posted a paper entitled: "Four Attacks on OAuth — How to Secure Your OAuth Implementation" that introduced a common protocol flow, with specific examples and a few insecure implementations. For more information about the protocol, various use cases and key concepts, please refer to the mentioned post and any other freely available OAuth resources on the web.This article assumes that the readers are familiar with the detailed principles behind OAuth, and that they know how to make GET and POST requests over HTTPS. However, we will still ...
+
"The C14N challenge "15.08.11-10:54
Failing to properly validate input data is behind at least half of all application security problems.In order to properly validate input data, you have to start by first ensuring that all data is in the same standard, simple, consistent format — a canonical form. This is because of all the wonderful flexibility in internationalization and data formatting and encoding that modern platforms and especially the Web offer. Wonderful capabilities that attackers can take advantage of to hide malicious code inside data in all sorts of sneaky ways.Canonicalization is a conceptually simple idea: take data inputs, and convert all of it into a single, simple, consistent normalized internal format before you do anything else with it. But how exactly do you do this, and how do you know that it has been done properly? What are the steps that programmers need to take to ...
+
"Spot the Vuln \u0096 Boundaries - SQL Injection"08.08.11-08:23
Details Affected Software: My Calendar Wordpress Plugin Fixed in Version: >1.7.2 Issue Type: SQL Injection Original Code: Found Here Details This week's bug was a subtle mistake in the usage of an escaping routine. It seems the developer understood the dangers of SQL injection and therefore used an escaping routine to sanitize user controlled input before using that input to build a SQL statement. Unfortunately, the developer overlooked a crucial characteristic and used the wrong escaping routine. Looking at the vulnerable line, we see the following: [sourcecode lang="PHP"] $sql = "SELECT * FROM " . WP_CALENDAR_CATEGORIES_TABLE . " WHERE category_id=".mysql_escape_string($_GET['category_id']); [/sourcecode] As you can clearly see, the developer chose to utilize the mysql_escape_string() function to escape $_GET[category_id] before using category_id to build a SQL statement. Looking at ...
+
"Spot the Vuln - Boundaries"02.08.11-07:23
I like pushing boundaries.Lady GagaSpot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is posted so you can check your answers. Each exercise is designed to last between 5 and 10 minutes. Do it while you drink your morning coffee and you will be on your way to writing more secure applications.[sourcecode language="php"]...snip... </style><?php // We do some checking to see what we're doing if (isset($_POST['mode']) && $_POST['mode'] == 'add') { // Proceed with the save $sql = "INSERT INTO " . WP_CALENDAR_CATEGORIES_TABLE . " ...
+
"Spot the Vuln - Floods - SQL Injection"01.08.11-09:06
DetailsAffected Software: Corpse C&CFixed in Version: ?Issue Type: SQL InjectionOriginal Code: Found HereDetailsThis week's bug is in Corpse C&C. SpotTheVuln reader Christina hits it right on the head, line 32 contains a ridiculous amount of SQL injection. Most of the parameters passed to the INSERT statement results in SQL injection. $id, $info, and $user are all set directly from $_GET or $_POST and are used in the SQL statement without any sanitization. Despite its name, $real_ip is also completely attacker controlled and can be used for SQL injection. Getenv("HTTP_X_FORWARDED_FOR") doesn't sanitize the user controlled value in any way. For some reason, many developers assume the X-Forwarded-For header will only specify an IP address or domain name. X-Forwarded-For can contain any characters (including angle brackets, ...

Musings on Information Security

_ Where facts are few, experts are many

+
"SSL Audit" - Updated release (SSL/TLS Scanner)27.12.11-16:02
Preamble : During my research on TLS/SSL Compatibility across different Operation Systems and Browsers I created supporting tools for myself and later decided to release them for the public....

Security news : http://blog.zoller.lu
+
Final - SSL/TLS renegotiation explained (CVE-2009-3555)23.12.11-13:19
Final release for my paper explaining the different attack vectors and impacts for (CVE-2009-3555) "TLS / SSL renegotiation vulnerability". Added comments and corrections by Alun Jones (Who I...

Security news : http://blog.zoller.lu
+
PCI compliance, Security in isolated systems and Parking Tellers06.12.11-20:13
A colleague of mine spotted the below while we were doing our expenses - The photograph below shows two separate receipts from two parking buildings that are not far away from each other in central...

Security news : http://blog.zoller.lu
+
Blog cleanup01.11.11-13:57
As some regulars might have noticed I restructed this blog a bit trying to get rid of some clutter. At the same time I updated a few specific pages I wanted to point out : Vulnerability...

Security news : http://blog.zoller.lu
+
THC SSL DoS - vs - Per Design26.10.11-20:41
Since this is a rather old topic with both sides having valid points I will keep this post short and sweet. I have had no time to measure of investigate in depth and I don't think I will find...

Security news : http://blog.zoller.lu
+
Attacker Classes and Pyramid (Version 2)18.10.11-20:20
This is a living blog post I will update whenever I have time and new ideas. TOC Introduction Updates Attacker Classes Attacker Pramid Q&A Introduction The other day I was brainstorming...

Security news : http://blog.zoller.lu
+
The BEAST summary - TLS, CBC, Countermeasures (Update 4)26.09.11-16:18
Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Duong at the Ekoparty. This blog post will be continuously...

Security news : http://blog.zoller.lu
+
TLS/SSL hardening and compatibility Report 201120.09.11-17:21
This is a cross post from the G-SEC blog My professional and private commitments made it difficult to maintain a healthy blogging style, I am trying to get back to some blogging on a more regular...

Security news : http://blog.zoller.lu
+
What did PHP crypt() and Alzheimer have in common ?23.08.11-20:47
I stumbled across this weird PHP bug in the crypt() implementation (version 5.3.7RC5) [1] The bug reporter states that : "If crypt() is executed with MD5 salts, the return value consists of...

Security news : http://blog.zoller.lu
+
Tools, Whitepapers, Talks01.08.11-22:20
Talks / Lectures During my career I had the opportunity to present my thoughts and views on Information Security to numerous people and organizations, below is a list of conferences I had the...

Security news : http://blog.zoller.lu
+
CVE-2010-x+n - Loadlibrary/Getprocaddress roars its evil head in 201022.08.10-23:33
Subscribe to the RSS feed in case you are interested in updates After Acrossecurity, published an interesting vulnerability and HDmoore appears to have stumbled on the same issue, I decided to...

Security news : http://blog.zoller.lu
+
CVE-2010-2568 - LNK Code execution - Proof of concept (Update)18.07.10-15:14
Subscribe to the RSS feed in case you are interested in updates Ivanlef0u released a POC for the exploit used in targeted attacks :http://ivanlef0u.nibbles.fr/repo/suckme.rar More...

Security news : http://blog.zoller.lu
+
Top 10 Vulnerability Researcher 200917.03.10-18:09
Subscribe to the RSS feed in case you are interested in updates Thanks @edisoar for the hint: IBM ISS collected information about the researches that discovered and published most...

Security news : http://blog.zoller.lu
+
Videos of IDF Nominees in "Excellence in Visual Art"02.03.10-18:07
Subscribe to the RSS feed in case you are interested in updates The Independant Games Festival is taking place right now, the Indie games [1] below have been nominated in the category...

Security news : http://blog.zoller.lu
+
New Paper: SSL/TLS Hardening and Compatibility report 201018.02.10-16:23
Subscribe to the RSS feed in case you are interested in updates Copied from the post over at G-SEC: At last. What started as an "I need an overview of best practise in SSL/TLS configuration"...

Security news : http://blog.zoller.lu
+
SSL/TLS Audit - New tool17.02.10-10:22
Subscribe to the RSS feed in case you are interested in updates Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this...

Security news : http://blog.zoller.lu
+
TLS / SSLv3 renegotiation vulnerability explained - NEW update18.11.09-15:16
Subscribe to the RSS feed in case you are interested in updates I updated the whitepaper "TLS / SSLv3 vulnerability explained" : Updated 18.11.2009 : Added SMTP over TLS attack scenario, added...

Security news : http://blog.zoller.lu
+
New SSLv3 / TLS vulnerability - MITM attacks possible05.11.09-14:12
Subscribe to the RSS feed in case you are interested in updates In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the...

Security news : http://blog.zoller.lu
+
Computer Associates multiple products - RCE13.10.09-16:59
Subscribe to the RSS feed in case you are interested in updates I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation...

Security news : http://blog.zoller.lu
+
Derren Brown guessed the lottery numbers - afterwards12.09.09-15:38
Subscribe to the RSS feed in case you are interested in updates Derren Brown, the NLP master and magician "predicted" the Lotterie numbers Live on TV and promised to tell on Friday how he...

Security news : http://blog.zoller.lu
+
You get what you pay for11.09.09-17:31
Subscribe to the RSS feed in case you are interested in updates On a more non-technical note, I stumbled across this offer from a "renowed luxemburgish recruitment agency." I am not sure what part...

Security news : http://blog.zoller.lu
+
IIS 5&6 FTP vulnerability - information and tools (KB975191)02.09.09-13:46
Subscribe to the RSS feed in case you are interested in updates I wrote a small summary and facts about the recent IIS5&6 FTP 0day, note that te vulnerable part of the code can be reached without...

Security news : http://blog.zoller.lu
+
New advances in Office malware analysis31.07.09-00:47
Subscribe to the RSS feed in case you are interested in updates http://blog.g-sec.lu/2009/07/new-advances-in-officeexcelpowerpoint.html Dear Anti virus vendors, Your clients are getting...

Security news : http://blog.zoller.lu
+
Advisory : One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....15.07.09-20:18
Subscribe to the RSS feed in case you are interested in updates [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

Security news : http://blog.zoller.lu
+
0pen0wn.c - Shellcode "dissasembled"14.07.09-18:43
Subscribe to the RSS feed in case you are interested in updates Rumor had it that the anti-sec group was using a OpenSSH 0day, str0ke today linked to an URL that supposedly has the exploit code to...

Security news : http://blog.zoller.lu

Educated Guesswork

Educated Guesswork (converted from Atom 1.0)

+
Protecting your encrypted data in the face of coercion11.02.12-18:28
Cryptography is great, but it's not so great if you get arrested and forced to give up your cryptographic keys. Obviously, you could claim that you've forgotten it (remember that you need a really long key to thwart exhaustive search... (...)
+
GIT Y U NO...24.01.12-04:01
You have to have used git to really understand this one, but... [16] git checkout f4a56 Note: checking out 'f4a56'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard... (...)
+
What is this all this crap in my wallet?23.01.12-03:35
On my way to Red Rock today to do some work, I looked in my wallet to see if I had enough money to afford my hot chocolate (paying for a $3.50 drink with a credit card is a pretty... (...)
+
Does DNSSEC really interfere with SOPA/PIPA?22.01.12-07:53
You've of course heard by now that much of the Internet community thinks that SOPA and PIPA are bad, which is why on January 16, Wikipedia shut itself down, Google had a black bar over their logo, etc. This opinion... (...)
+
The Supremes on the failure of broadcast content controls11.01.12-17:10
In Dahlia Lithwick's report on FCC v. Fox (about the FCC's TV indecency policy), she writes: Justice Stephen Breyer raises a question about why the ABC ass case is being heard together with the fleeting-expletives case. Justice Ginsburg asks whether... (...)
+
Web form complaints01.01.12-02:41
Spent some of today getting my 2011 charitable donations out of the way, so I've been experiencing a lot of different Web forms. Remember, these people want my money, so it would be nice if they didn't make the experience... (...)
+
Somelliers for beer... wait, what?23.12.11-06:24
Mark Garrison has a rather odd article in Slate arguing that we need expert advice to order beer in restaurants: It's a busy night at the D.C. restaurant Birch & Barley, as well as its casual upstairs sister joint, ChurchKey.... (...)
+
Do we need DNS confidentiality?18.12.11-15:33
The first step in most Internet communications is name resolution: mapping a text-based hostname (e.g., www.educatedguesswork.org) to a numeric IP address (e.g,, 69.163.249.211). This mapping is generally done via the Domain Name System (DNS), a global distributed database. The thing... (...)
+
An overview of espresso-making technology08.12.11-17:35
I've been meaning to write something about espresso and the various technology options for making one, but I never get around to it. Now I have. I'm not an espresso-making expert, but I'm a guy who cares about espresso, has... (...)
+
More on qualification: gender and age29.11.11-18:20
As I wrote earlier, many oversubscribed races use a performance-based qualification process as a way of selecting participants. What I mostly passed over, however, is whether different people should have to meet different qualifying standards. If your goal is to... (...)
+
On qualification standards28.11.11-17:17
One of the common patterns in endurance and ultra-endurance sports is to have one or two races that everyone wants to do (the Hawaii Ironman, the Boston Marathon, Western States 100, etc.) Naturally, as soon as the sport gets popular... (...)
+
HyperMac's external battery workaround08.11.11-14:54
The MacBook (Air, Pro, etc.) are great computers, but the sealed battery is a real limitation if you want to travel with it. My Air gets about 5-6 hours of life if I'm careful, which is fine for a transcontinental... (...)
+
Rizzo/Duong BEAST Countermeasures05.11.11-16:14
A while ago I promised to write about countermeasures to the Rizzo/Duong BEAST attack that didn't involve using TLS 1.1. For reasons that the rest of this post should make clear, I had to adjust that plan a bit. To... (...)
+
SSL/TLS and Computational DoS25.10.11-21:03
Threat Level writes about the release of a denial of service tool for SSL/TLS web servers. The tool, released by a group called The Hackers Choice, exploits a known flaw in the Secure Socket Layer (SSL) protocol by overwhelming the... (...)
+
My comments on Argonne's "Suggestions for Better Election Security"18.10.11-20:17
Following up on their demonstration attack on Diebold voting machines (writeup, my comments), the Argonne Vulnerability Assessment Team has developed a set of Suggestions for Better Election Security). My review comments are below: I've had a chance to go over... (...)

IdentityMeme.org

=JeffH's musings on identity, security, protocols, SDOs, and tussles thereof...

+
Seems we can all just GetYourCensorOn ..or we can go after SOPA and ProtectIP/PIPA17.12.11-23:23
+
‘Combating Cybercrime’ whitepaper09.05.11-00:50
+
RFC6265 'HTTP State Management Mechanism' ("cookies") published06.05.11-21:33
+
RFC6125 “TLS/SSL Server Identity Check” is published05.04.11-23:56
+
TLS/SSL Server Identity Check will be RFC612515.03.11-17:25
+
‘HTTP State Management Mechanism’ (”cookies”) to Proposed Standard07.03.11-23:53
+
Web (In)Security: Remediation Efforts - Status and Outlook07.03.11-23:30
+
Susan Landau's new book and Huffington Post blog23.02.11-16:55
+
of TLS/SSL Server Identity Checking02.02.11-00:08
+
Firesheep and HSTS (HTTP Strict Transport Security)29.10.10-19:43

Sorry, no items found in the RSS file :-(

+
http://blog.smejdil.cz/2012/02/zabbix-debian-initd-script.html">Zabbix Debian init.d script14.02.12-10:58
Dnes od rána řeším nenabíhání zabbix-agent i zabbix-server po rebootu. Instalace zabbixu je ze src, kde se i nachazeji init scripty od tvůrce Zabbixu Alexei Vladishev.

./zabbix-1.8.10/misc/init.d/debian/zabbix-server
./zabbix-1.8.10/misc/init.d/debian/zabbix-agent

Tyto scripty jsou funkční, ale ne po bootu. Jsou psány zjevně pro starší Debian. Debian Linux 6.0 ("Squeeze") používá Script LSB (Linux Standards Base). Vice je popsáno zde.

Nejprve jsem se snažil přidat patřičnou sekci do src init.d scriptu. Ale to nepomohlo.

### BEGIN INIT INFO
# Provides: zabbix-server
# Required-Start: $remote_fs $network
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Should-Start: mysql
# Should-Stop: mysql
# Short-Description: Start zabbix-server daemon
### END INIT INFO

V desktop virtuálu mám Debian-6.0.4 a tak jsem si na něm udělal snapshot a nainstaloval zabbix-agennt a zabbix-server-mysql. A posléze si zkopíroval balíčkové 1.8.2 init scripty, které by fungovat měly.

Jenomže ejhle taky nezafungovaly. Tak jsem pátral dál a přišel jsem na daný problém. Defaulní src vzorové konfiguráky zabbix-server.conf používají proměnnou PidFile v /tmp, což jsem chybně zachoval a v tom je ten problém. Config i init script jsem měl upraven tak aby se použival pid v /tmp. Po přepsání konfigurace serveru i agenta na správné umístění PIDu, začal start zabbixu po bootování fungovat.

PidFile=/var/run/zabbix-server/zabbix_server.pid
...
NAME=zabbix_server
DAEMON=/opt/zabbix-server/sbin/$NAME
DESC="Zabbix server"
DIR=/var/run/zabbix-server
PID=$DIR/$NAME.pid
+
http://blog.smejdil.cz/2012/02/ledove-sochy-basnice.html">Ledové sochy Bašnice12.02.12-21:31

Ledové sochy Bašnice, a set on Flickr.
Dnes těsně po obědě jsme s rodinkou navštívili ledové sochy v Bašnici u Hořic. Vstupné dobrovolné.
+
http://blog.smejdil.cz/2012/02/openfire-with-openldap-on-debian.html">OpenFire with OpenLDAP on Debian04.02.12-16:07
Již v minulosti jsem zprovozňoval několik XMPP/Jabber serverů OpenFire v různých kombinacích. Kkonfiguraci s Active Directory jsem si již poznamenal, ale minulý týden jsem instaloval OpenFire oproti OpenLDAP na Debianu a trápil jsem se s mapováním skupin.

Stručný popis instalace:

OpenFire Jabber/XMPP
http://www.igniterealtime.org/projects/openfire/
http://www.igniterealtime.org/downloads/index.jsp
Download Openfire 3.7.1
manualne stažen soubor openfire_3.7.1_all.deb

Potřebné balíky

aptitude install sun-java6-jdk
aptitude install mysql-server-5.1

Založení databáze.

mysql -u root -p
create database openfire;
GRANT USAGE ON openfire.* TO openfire@localhost IDENTIFIED BY 'Jabber371';
GRANT SELECT, INSERT, UPDATE, CREATE, DELETE, DROP ON openfire.* TO openfire@localhost;
FLUSH PRIVILEGES;

Instalace balíčku

cd install
dpkg -i openfire_3.7.1_all.deb
Selecting previously deselected package openfire.
(Reading database ... 19315 files and directories currently installed.)
Unpacking openfire (from openfire_3.7.1_all.deb) ...
Setting up openfire (3.7.1) ...
adduser: Warning: The home directory `/var/lib/openfire' does not belong to the user you are currently creating.
Starting openfire: openfire.

http://jabber.domena.cz:9090/setup/index.jsp
https://jabber.domena.cz:9091/setup/index.jsp

Uprava LDAP konfigurace systemu

joe /etc/ldap/ldap.conf
BASE dc=domena,dc=cz
URI ldap://ldap.domena.cz

User v LDAP

dc=doemana,dc=cz
cn=jabber,dc=domena,dc=cz

Použití SRV záznamu je sepsáno zde.

Konfigurace LDAP ve Web Adminu OpenFire pro použítí s OpenLDAP

Hostitel: ldap.domena.cz - Lepší IP adresa
Port: 389
Základní DN: dc="domena",dc="cz"
DN administrátora: cn="jabber",dc="domena",dc="cz"

Mapování uživatelů
Pole Uživatel: uid
Jméno: name # možno změnit dle implementace LDAP
Email: email # možno změnit dle implementace LDAP
Pozice: description

Mapování skupin
Pole Skupina: cn
Pole Člen: memberUid
Pole Popis: description
Posix mód: Ano Ne
Filtr skupin: (&(objectClass=posixGroup))

Protože jsem se trápil s tím, že PosixGroup jsem viděl, ale ne její členy, vznesl jsem dotaz na OpenFire komunitu :-) A pak jsem si říkal, jaká to byla blbost. Vzhledem k tomu, že jsem danou konfiguraci již měl zprovozněnou, jen jsem to prostě přehlédl.
+
http://blog.smejdil.cz/2012/02/xmppjabber-openfire-dns-srv.html">XMPP/Jabber Openfire a DNS SRV04.02.12-14:48
Pokud se rozhodnu provozovat např. XMPP/Jabber server OpenFire v nějaké doméně, většinou se rozhodnu pro nějaký název jako třeba jabber.domena.cz. V tomto momentě se bez SRV záznamu obejdu.

Pokud mám server zprovozněn na doméně jabber.domena.cz, ale JID chci mít jmeno.prijmeni@domena.cz musím mít jabber server nainstalován na serveru, kam ukazuje doména domena.cz, což né vždy je možné. Proto musíme použít DNS SRV záznam, který jabber klientum s JID jmeno.prijmeni@domena.cz řekne, kde je daný server umístěn. Záznamy v DNS zóně vypadají následovně.

_xmpp-server._tcp.domena.cz. 3600 IN SRV 10 0 5269 jabber.domena.cz.
_xmpp-client._tcp.domena.cz. 3600 IN SRV 10 0 5222 jabber.domena.cz.

Formát SRV záznamu je pěkně popsán zde. SRV je záznam používán pro mnoho dalších služeb. Prvně jsem jej viděl použit u SIPu.

Kontrolu DNS záznamu můžeme prověřit pomocí příkazu dig.

dig @ns.cesnet.cz SRV _xmpp-server._tcp.gmail.com
dig @ns.cesnet.cz SRV _xmpp-client._tcp.gmail.com

Můžeme takto snadno zjistit, na kterém hostname jsou provozovány jabber servery (jabber.cz, jabbim.cz, seznam.cz :-) a treba jabber.org) a hlavně, zda používají SRV záznam.

Z logu DNS serveru bind jsem vypozoroval dotazy od XMPP klienta Pidgin.

04-Feb-2012 14:46:41.530 queries: info: client 192.168.0.1#58165: query: _xmpp-client._tcp.domena.cz IN SRV + (192.168.0.1)
+
http://blog.smejdil.cz/2012/02/zub-na-grafu.html">Zub na grafu04.02.12-14:25

Dnes jsem do domacího IP SMART BOARDu, který používám jako termostat s dvěma čidlama nahrával nový opravný firmware ip1_0_3.bin Čidlo sleduji pomocí SNMP a zaznamenávám do Zabbixu. Po upgradu jsem větral danou místnost a je neskutečný, jak teplota v místnosti klesne za 10 minut z 22 °C na 6 °C. S tím že venku bylo asi -10 °C nevím přesně.
+
http://blog.smejdil.cz/2012/01/remote-scan-on-hp-laserjet-3390.html">Remote scan on HP LaserJet 339024.01.12-13:33
K užití se mi naskytla tiskárna HP LaserJet 3390, což je typ AllInOne. Kolega hlásil, že drivery k Vista a Win7 a výše 64bit pro scan prý nejsou a nebudou. A tak jsem pátral po možnosti pod Linuxem LMDE. Nápomocny mi byl help k Ubuntu.

https://help.ubuntu.com/community/HpAllInOne

Můj postup byl následující:

Nainstaluji SANE a ovladače hplip

apt-get install sane xsane
apt-get install hplip

hp-makeuri 192.168.10.42

HP Linux Imaging and Printing System (ver. 3.11.5)
Device URI Creation Utility ver. 5.0

Copyright (c) 2001-9 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.

CUPS URI: hp:/net/HP_LaserJet_3390?ip=192.168.10.42
SANE URI: hpaio:/net/HP_LaserJet_3390?ip=192.168.10.42
HP Fax URI: hpfax:/net/HP_LaserJet_3390?ip=192.168.10.42

Pak už jen pustim xsane s URI

xsane hpaio:/net/HP_LaserJet_3390?ip=192.168.10.42

Jsem moc rád, když velcí výrobci Linux podporují. Hnedle je možno říct že daný model je 100% kompatibilní s Linuxem. "Kupte si jej pro používání s Linuxem :-)"
+
http://blog.smejdil.cz/2012/01/htc-desire-s.html">HTC Desire S09.01.12-16:01
Tak jsem se konečně dočkal nějakého telefonu s Androidem. Je jím HTC Desire S. Od dob, kdy jsem Android testoval poprvé na HTC TyTN II uteklo již hodně vody. Dnes je na trhu mnoho telefonu a výběr je opravdu velký.

Po rozbalení a zapnutí mě velmi mile překvapilo, že import kontaktů ze stařičkého SE K790i pomocí Bluetooth proběhl bez naprostých problémů. A zvládl by ho asi netechnický uživatel.

Zatím se seznamuji, což bude chvíli trvat. Jinak výdrž baterek zatím bída :-) což je vlastnost.
+
http://blog.smejdil.cz/2012/01/lmde-wine.html">LMDE wine09.01.12-11:01
Nevim proč, ale v repo LMDE není wine. Kompiluji tedy ručne dle wiki.

Doporučené baličky jsou popsány zde.

Building Wine on 64-bit Debian Testing

Doinstalovával jsem kupu dev baliků.
+
http://blog.smejdil.cz/2012/01/tablet-yarvik-tab410-s-adndroid.html">Tablet Yarvik TAB410 s Adndroid05.01.12-22:39
Dostal se mi do rukou asi na 14 dní tento tablet s OS Android 2.2 #4026. Na stránkách výrobce již model TAB410 není, tak uvádím odkaz na novější model TAB420. Nutno hnedle na zažátku dodat že na iPad tento kousek prostě nemá. Fakt, že nelze instalovat z klasického Android Marketu systém značně ochuzuje. Pro instalaci apikací je zde integrován portál Getjar. Pár známých aplikací jsem tam našel. Např. nasraný ptáci - Angry Birds, na 10" displeji se to hraje moc pěkně.

Tablet se ke mě dostal z důvodu nefunkce webové administrace automatu Tecomat. Přesněji stránka vyžaduje podporu XML v browseru. Integrovaný browser zobrazí jen bílou stránku. Důvodem je, že operační systém Android bohužel neobsahuje ve svém prohlížeči XSLT transformaci, takže pomocí něj nelze stránky zobrazit. Pokoušel jsem se instalovat Operu a Firefox pro Android z oficiálních zdrojů, ale vždy to po mě chtělo Google účet který již je spojen s nějakým Android mobilem. Zatím nejsem vlastníkem telefonu s androidem, ale to se asi brzo změní. Tak posléze doplním, zda se mi podařilo na Yarvik TAB410 doinstalovat nějaký klasický web browser.

Do tabletu se mi podařilo doinstalovat operu z tohoto zdroje. Vybral jsem soubor opera.v11.00.1103311355.apk a po stažení instalace dopadla dobře. Stránka automatu je již funkční.
+
http://blog.smejdil.cz/2012/01/juniper-srx650-prvni-kroky.html">Juniper SRX650 prvni kroky05.01.12-20:00
Hnedle drudý den v nové práci jsem byl s kolegou vyzvednou router Juniper SRX650, jako testovací kousek od DNS a.s. CITY EMPIRIA. Router jsem přivezl do kanclu a druhý den jsem se v něm již musel vrtat. Hodil se mi seriový kabel, který mám od nějakého Cisco routeru.

Routery Juniper mají v sobě systém JUNOS, což je v základu FreeBSD, které nám umožňuje pouštět klasické userland aplikace, netstat, ping, tcpdump atd. V systému je jediný balíček a to je junos. FreeBSD je patřičně modifikováno, ale je tam hodně cejtit.

ntb:$ ssh 192.168.10.42
--- JUNOS 10.4R4.5 built 2011-05-06 06:14:23 UTC
smejdil@juniper> start shell
% pwd
/cf/var/home/smejdil
% uname -a
JUNOS juniper 10.4R4.5 JUNOS 10.4R4.5 #0: 2011-05-06 06:14:23 UTC builder@warth.juniper.net:/volume/build/junos/10.4/release/10.4R4.5/obj-octeon/bsd/sys/compile/JSRXNLE octeon
% pkg_info
junos JUNOS Software Release [10.4R4.5]

Dostal jsem za úkol router nakonfigurovat tak, aby se dal umístit do serverovny s veřejným IP. Dále jsem přidal nějakého uživatele a nastavili patřičné politiky.

Pomocí sériové konzole a patřičného kabelu jsem se již přihlásil na daný box.

sudo screen /dev/ttyUSB0 9600

login: root
--- JUNOS 10.4R4.5 built 2011-05-06 06:14:23 UTC
root@%
root@% cli
root>

Prompt: root@% - FreeBSD
Prompt: root> - konfigurační režim
Prompt: root# - editační režim

Jakožto naprostý zčátečník jsem použil config-wizard, který mě provede základním nastavením.

root@% config-wizard
Enter host name: juniper
Please enter root password:
Retype root password:

Would you like to configure domain name? [yes,no] (no): y
Enter domain name: juniper.smejdil.cz

Would you like to configure name server? [yes, no] (no): y
Enter IP address for the name server: 195.113.144.194

Configure the following network interfaces

Identifier Interface Identifier Interface
1 ge-0/0/0 2 ge-0/0/1
3 ge-0/0/2 4 ge-0/0/3
...

Would you like to configure any of the above interfaces? [yes,no] (yes): no

Enter a new user name: smejdil
Please enter user password:
Retype user password:

Would you like to configure SNMP Network Management? [yes,no] (no): y
Enter a SNMP V2 read-only mode community string [public]:

Would you like to review configuration commands? [yes,no] (no): y
The following configuration command(s) were created:

set system host-name juniper
set system root-authentication encrypted-password-value "********"
set system name-server 195.113.144.194
set system services web-management http
set system services telnet
set system services ssh
set system domain-name smejdil.cz
set system login user smejdil class super-user authentication encrypted-password "********"
set system services web-management http
set system services telnet
set system services ssh
set snmp community "public" authorization read-only

Would you like to commit the initial configuration and exit? [yes,no]: yes

Building configuration ...
Finished.

Please type 'cli' to enter JUNOS CLI operation mode.

Další nastavení je prováděno např takto:

root@juniper> configure
Entering configuration mode
set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.42/30
set routing-options static route 0.0.0.0/0 next-hop 192.168.10.41
set system ntp server 195.113.144.238
set system ntp server 195.113.144.201
set system time-zone Europe/Prague
commit

Toto pro seznámení zatím postačuje.
+
http://blog.smejdil.cz/2011/12/kindle-podpora-medii.html">Kindle podpora medií28.12.11-10:53

Pro čtečku knih Amazone Kindle existuje již podpora několika periodik. Uvádím si zde seznam nalezených.
- http://www.novinky.cz/kindle/
- http://www.e15.cz/kindle
- http://kindle.centrum.cz/
- http://vice.idnes.cz/kindle_zadani.asp
Služby
- http://www.kindly.cz/
- http://www.ecti.cz/cteni-zdarma-zdroje/
+
http://blog.smejdil.cz/2010/06/storry-of-my-geocoin-tbvkg0.html">Storry of my GeoCoin TBVKG022.12.11-22:19
První GeoCoin, který jsem si pořídíl v roce 2006 SmEjDiL's Czech GeoCoin jsem nechl zavést svým známým Houmr13 do Malaysie Kuala Lumpur City Center - GCVNR5, odkud nechtěně putoval na Australský kontinent. Kde nějakou dobu putoval. Dne 27.9.2008 byl vložen do cache Rocky Heights - GC18ACK, kde si mince počkala až do 27.5.2010, kdy jej vyzvedl syn mé kolegyně z práce ZuzlaN, který si do daných končin národního parku Namadgi naplánoval velmi náročnou a dobrodružnou cestu se svým holandským kamarádem.

Zde je pár videjí z jejich výletu.

UPDATE:
ZuzlaN sepisuje svůj blog, kde uvádí Kapitola 24 Mt Kelly, která podrobně popisuje co zažili.
+
http://blog.smejdil.cz/2011/12/vodni-nadrz-les-kralovstvi-v-reklame.html">Vodní nádrž Les Království v reklame22.12.11-16:51
Přehrada Tešnov neboli Vodní nádrž Les Království učinkuje v rekmamě na Jameson "Fire"

Tady je ještě ukecaná verze.

Díky Štěpáne za odkaz.
+
http://blog.smejdil.cz/2011/12/lastfm-web-app.html">Last.FM web app21.12.11-09:02
Pokud někdo používá službu Last.FM hlavně s audioscrobblerem, tak existuje několik doprovodných aplikací, které umí načíst data o poslouchané hudbě.
- http://lastgraph.aeracode.org/ Generování pěkných grafů
- http://covers.nmstudio.pl/ Top album generátor
- http://bandlogos.descentrecords.com/ Brand logos
+
http://blog.smejdil.cz/2011/12/end-of-my-story-fg-forrest.html">END of my story - FG Forrest16.12.11-16:00
Dnes končím ve společnosti FG Forrest. A nastupuji na přijemnou 14ti denní dovolenou a od nového roku nastupiji jinde. V FG jsem se hodně naučil a určitě se mi zasteskne po fajn lidech.

Dnešní den byl ve zamení hraní Urban Terror, krásně jsem si užil Sniperování FG mělo vánoce a tak vetšina náchodské pobočky doslova pařila a z firmy se stala LAN párty.

Ať se Vám Forresti daří ...
+
http://blog.smejdil.cz/2011/12/distribucni-testy.html">Distribuční testy13.12.11-14:25
V listopadu jsem se rozhodl odstavit dlouhodobě stabilní distribuci Ubuntu 10.04.3 LTS. A rozhodl jsem se vyzkoušet Linux Mint Debian Edition, o čemž jsem se zde zmiňoval vypozoroval jsem jednu chybu v GTK, zatím neopravena.

Jelikož jsem si mohl dovolit znefunkčnit desktop, dále jsem chtěl vidět Linux Mint 12 Lisa v akci. Lisu momentálně používám.

Snažím se pracovat s Gnome 3 s extenzí MGSE. Gnome-shell se mi líbí více jak Unity, proto celé seznamování s novým prostředím při běžné práci. Ovšem musím konstatovat, že to chce ještě hodně práce na daném prostředí. Mnoho věcí je nedotažených. Né vše se dá nastavit snadno, tak jak byl člověk zviklý v Gnome2. Velmi nerad si zde též stěžuji, ale několikrát mi Gnome3 přestalo reagovat na cokoliv. Vše vyřešila až vražda Xorg. Ve fórech se zmiňuje tato chyba. Celkově mě odezvy prostčedí moc neuchvátili, vyvolání menu (Aktivity - klávesou) tad. Přepínáni ploch.

Dále jsem si pohodlně nainstaloval hru urbanterror-optimized z repository playdeb, který je v Mintu již přítomen a není jej třeba přidávat. V Gnome3 je hra nehradelná FPS klesne na 29. Hra je plně hratelná v Gnome2 kde je FPS na pohodových 80ti. Po příčinách jsem radši ani nepátral.

Zkrátka pro mě dlouhodobě použitelným OS momentálně je Ubuntu 10.04.3 LTS, který má podporu až do roku 2013-04. V té době již možná budou neduhy Gnome3 vyladěny a odstraněny.
+
http://blog.smejdil.cz/2011/12/anydata-adu520l-od-ufon-v-ubuntu-10043.html">AnyDATA ADU520L od U:fon v Ubuntu 10.04.308.12.11-22:01
Již delší dobu jsem hledal nějaký mobilní internet za rozumnou cenu, pro použití na chatě, kde jsou možnosti internetu dosti špatné. Primárně je to pro rodiče, kteří maji notebook s OS Linux Ubuntu 10.04.3 LTS. Před samotným objednáním HW u U:fon jsem kontaktoval operátora, který nevěděl zda dané zařízení je funkční pod Linuxem. Ale ujišťoval mě, že výmena HW za jiný podporovaný model je možná, což mě lehce uspokojilo. Nechal jsem se též uchlácholit článkem, který vypadl z Googlu na první dotaz.

Z článku jsem použil jen některé pasáže. Uvedu zde relativně jednoduché kroky pro zprovoznění 3G internetu s tímto USB modemem.
- sudo aptitude install usb-modeswitch
- sudo /lib/udev/rules.d/61-option-modem-modeswitch.rules /etc/udev/rules.d
- sudo vi /etc/udev/rules.d/61-option-modem-modeswitch.rules
- zakomentujte (pomocí #) řádek ATTRS{idVendor}=="05c6", ATTRS{idProduct}=="1000", RUN+="modem-modeswitch
- Odpojte a znovu připojte zařízení, měla by se objevit CD-ROM mechanika
- Nastavíme NetworkManager přidáním U:fon v záložce "Mobilní širokopásmová"
Nastavení je uvedeno v dokumentaci.
- jméno: ufon
- heslo: ufon
- tel. číslo: #777
- IP: automaticky
- ověřování: PAP/CHAP
Časem doplním obrazovky nastavení NetworkManageru. Je velmi příjemné, že používání tohoto modemu je integrováno do Gnome GUI a je plně klikací. Rychlost tohoto zařízení není nikterak valná, ale přečíst si email a kouknout na net se s tím dá. Je zarážející, že U:fon nedoplní své manuály i o Linux nastavení. A když né manuály tak aspoň web. Určitě by se pár Linuxových userů rozhodlo pro daný model.

UPDATE: 20111209

Dnes jsem si modem půjčil a chtěl jsem jej testnout v novějším systému. Aktuálně používám Linux Mint 12. Tato distribuce je postavená na Ubuntu, takže naprostá většina balíčků pochází z Ubuntu 11.10. Balík usb-modeswitch jsem v systému již měl. Kopírování udev rules není nutno, po připojení USB modemu, je detekce v pořádku.

Přihlášen jsem byl v Gnome-shell, kde je NetworkManager upraven. I přesto, že se modem v menu objevil, ale nepodařilo se mi nastavit uživatele a heslo ufon. Tak jsem se odlogoval a přilogoval do Gnome Clasic (Gnome2), kde je konfigurace plně možná. Po zpětném přihlášení je Gnome-shell je modem již funkční. Tlačítko nastavit je vyšedlé.
+
http://blog.smejdil.cz/2011/12/otec-druhy-syn.html">Narození druhého syna Jonáše04.12.11-10:41

Otec a druhorozený syn Jonáš
Originally uploaded by SmEjDiL V sobotu jsme jeli do Jilemnice na kontrolu. Vše vypadalo, že se bude mimino asi loudat. Cestovaní vše zjevně změnilo. Ve 22:00 hod. praskla voda, tak jsme jeli tryskem do Jilemnické porodnice. A za dvě hodiny bylo po všem. Simona byla statečná a vše je snad v pořádku.

Jonáš Malý
4140g, 52cm, 4.12.2011 0:49

http://blog.smejdil.cz/2010/08/netflow-analyzer-and-pfflowd-pfsense.html">Netflow Analyzer and pfflowd pfSense01.12.11-23:00

UPDATE: 1.12.2011

Po nějaké době jsem chtěl opět použít NetFlow Analyzer a koukám, že tvůrci nezaháleli a maji novější verzi 9.5. Instalace probíhala obdobně jako u předchozí verze. V routeru se systémem pfSense je novější verze pfflowd, která podporuje i netflow protokol verze 9, ale pro funkční používání je třeba zapnout verzi 5. Při použití poslední verze se děje to, že se vytváří neskutečně mnoho nějakých zařízení. Po rozdílech mezi verzi 5 a 9 jsem moc nekoukal. Hlavní je že Analzer funguje jak má a umožňuje sledovat provoz protékající skrze router.

About NetFlow Analyzer
Version : 9.5
Build Number : 9500
License Info : Professional Plus - Unlimited Interfaces
License Type : Trial - Expires On 2011-12-31
Licensed to : Evaluation User
Database Used : MYSQL
Interfaces Managed : 3

Po čase provozování větší LAN např. o 50-100 stanicích, je již potřeba vědet co a jak kde v síti komunikuje. Né že by si někdo hrál na velkého bratra, ale je třeba mít možnost dohledat co se v síti dělo. K sledování stavových informací IP toku dat slouží protokol Netflow. Který přenáší stavové informace src, dst, srcport, dscport atd. Protokol podporuje velké množstvi síťových zařízení jako jsou Switche a Routery.

Jako firewall používám pfSence, na kterém je možno zprovoznit pfflowd, který posílá UDP Netflow datagramy na server, kde běží Netflow Analyzer, což Java je aplikace, která poslouchá na portu 9996 a datagramy analyzuje a výsledky ukládá do MySQL databáze. Na portu 8080 daná aplikace umožnuje přihlášení k webovému interface, který poskytuje nahlížení na zaznamenaná data.

Aplikaci pfflowd je možno nainstalovat např. na jakýkoliv FreeBSD server nebo router.

Instalace Netflow Analyzeru lze stáhnout zde ManageEngine_NetFlowAnalyzer_8500.bin. Instalace preferuje GUI, ale je možná i v negrafickém režimu. Je to placená aplikace. Ale pro vyzkoušení existuje 30 denní evauation verze. Testoval jsem Linuxovou verzi pod Ubuntu 10.04 LTS a na žádný probém jsem nenarazil. Instalace je typická tím, že si sebou nese JRE i samotnou databázi MySQL.

About NetFlow Analyzer
Version : 8.5

Build Number : 8500

License Info : Professional Plus - Unlimited Interfaces

License Type : Trial - Expires on 2010-9-9

Licensed to : Evaluation User

Database Used : MYSQL

Interfaces Managed : 1

+
http://blog.smejdil.cz/2011/11/ip-smart-board-vs-zabbix.html">IP SMART BOARD vs Zabbix28.11.11-14:19
Starý domácí termostat ke kotli mám umístěn na velmi nevhodném místě za dveřmi a dráty pro signalizaci NO, CAM jsou vyvedeny právě zde a měnit jejich umístění je nemožné bez sekání. Rozhodl jsem se pořídit jiný termostat a volba padla na IP SMART BOARD od společnosti Mikrovlny s.r.o.

Se zařízením jsem měl menší problémy, které vyůstily k reklamaci daného kusu. Nespínalo relé při hlídané hodnotě. Ani výměna firmware nezabrala. Po výměně vadného kusu se s ním ještě učím :-), ale již hlídá plynový kotel a je příjemné si nastavovat doma topení po netu.

Nedalo mi to a destičku sledují pomocí SNMP verze 1 v monitorovacím systému Zabbix. Na stránce s MIB hodnotami je popis jednitlivých hodnot.

snmpwalk -Os -c public -v 1 192.168.10.101 0.1.3.6.1.4.1.21287.16.1.0
ccitt.1.3.6.1.4.1.21287.16.1.0 = STRING: "20.5"

V Zabbixu, jsem vytvořit template Template_IP_SMART_BOARD.xml. Definuje 18 hodnot dle MIB definice a 4 grafy. Využívám 2 teplotní čidla s tím že další je na desce, ale to hlídá teplotu desky, která se někdy zahřeje, proto není vhodné pro měření. Desku napájím pomocí PoE. Zajimavé hodnoty jsou z čidel a pak výstupní stav, kde vidím, zda kotel topíl a díky zabbixu vidím i od kdy do kdy.

Dané zařízení má své webové rozhraní, kde je možno sledovat stav relé a hodnoty čidel včetně maxima a minima atd.

Aktuálně používám konfiguraci využívající "Programable output".
např.
Mo,Tu,We,Th,Fr,Sa,Su,6:30,20.5
Mo,Tu,We,Th,Fr,Sa,Su,21:00,18.5

Bohužel nikde v dokumentaci nepíšou, že stávající firmware pro fungovaní "Programable output" vyžaduje připojena obě teplotní čidla, což naštěsí je můj případ.

Podrobná dokumenraci IP SMART BOARD je na stránkách výrobce.

Zd e mám ke stažení oba distupné firmware. Do konce roku má prý vyjít opravný 1.0.3.

Template v Zabbixu definuje samotné Items, ale i vybrané čtyři grafy.
+
http://blog.smejdil.cz/2011/11/zabbix-189.html">Zabbix 1.8.928.11.11-13:42
Máme tu novu verzi monitorovacího systému Zabbix a tou je verze 1.8.9.

Releace Notes popisuje opravu mnoha chyb a taktéž přináší i nějaké novinky.

Aktualizoval jsem ze src dva servery. Zabbix server+frontend a Zabbix proxy + Agenty.

29709:20111128:125356.963 Starting Zabbix Server. Zabbix 1.8.9 (revision 23398).
29709:20111128:125356.964 ****** Enabled features ******
29709:20111128:125356.964 SNMP monitoring: YES
29709:20111128:125356.964 IPMI monitoring: YES
29709:20111128:125356.964 WEB monitoring: YES
29709:20111128:125356.964 Jabber notifications: YES
29709:20111128:125356.964 Ez Texting notifications: YES
29709:20111128:125356.964 ODBC: YES
29709:20111128:125356.964 SSH2 support: YES
29709:20111128:125356.964 IPv6 support: NO
29709:20111128:125356.964 ******************************

22517:20111128:131104.090 Zabbix Proxy stopped. Zabbix 1.8.9 (revision 23398).
22617:20111128:131104.100 Starting Zabbix Proxy (active) [proxy-zbx]. Zabbix 1.8.9 (rev
ision 23398).
22617:20111128:131104.100 **** Enabled features ****
22617:20111128:131104.100 SNMP monitoring: YES
22617:20111128:131104.100 IPMI monitoring: YES
22617:20111128:131104.100 ODBC: YES
22617:20111128:131104.100 SSH2 support: YES
22617:20111128:131104.100 IPv6 support: NO
22617:20111128:131104.100 **************************
+
http://blog.smejdil.cz/2011/11/winexe-na-ubuntu-nebo-lmde.html">winexe na Ubuntu nebo LMDE22.11.11-13:54
Projekt
http://sourceforge.net/projects/winexe/

wiki
http://en.wikipedia.org/wiki/WinExe

Help build on ubuntu or debian - tested compile on LMDE
http://mpov.timmorgan.org/winexe-on-ubuntu

sudo apt-get install build-essential autoconf checkinstall
svn co http://dev.zenoss.org/svn/trunk/wmi/Samba/source
cd source
wget https://gist.github.com/raw/843062/5bb87c4fa13688f65ca8b1e54fc42676aee42e5a/fix_winexe_service.diff
patch -p0 -i fix_winexe_service.diff
./autogen.sh
./configure
make proto bin/winexe
sudo cp bin/winexe /usr/local/bin/

ready for used :-)
+
http://blog.smejdil.cz/2011/11/openssl-library-error-follows-values.html">OpenSSL library error follows - values mismatch21.11.11-13:35
Řešil jsem standartní výměnu SSL certifikátu u webserveru Apache. Po domluvě s osobou, co certifikační řízení řešil u CA Thawte jsem mu vytvořil nové CSR dle zvyklostí.

openssl genrsa -des3 -out www.domena.cz.key 2048
openssl req -new -key www.domena.cz.key -out www.domena.cz.csr
openssl rsa -in www.domena.cz.key -out www.domena.cz.key-decrypt

Posléze jsem certifikáty přenesl na webserver a restartoval jej a ejhle, Apache nenaběhl s hláškou:

[Mon Nov 21 12:36:16 2011] [error] mod_ssl: Init: (www.domena.cz:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Nov 21 12:36:16 2011] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Je vhodné vždy prověřit, zda je modulus stejny u klíče (key), certifikátu (crt) a požadavku (csr)!!!

openssl x509 -noout -text -in www.domena.cz.crt -modulus
openssl rsa -noout -text -in www.domena.cz.key -modulus
openssl req -noout -text -in www.domena.cz.csr -modulus

Muj problem byl v tom, že mi pán zaslal jiný cert, než bylo domluveno :-(
+
http://blog.smejdil.cz/2011/11/feitian-epass-pki-token.html">Feitian ePass PKI token16.11.11-22:30
Kolega nalezl tento USB token Feitian ePass PKI token na jednom francouském shopu. Již dříve jsem po obdobném HW toužil. Pátral jsem zda by jej nechtělo koupit více lidí, ale ve finále měl danej shop pouze dva kousky. Celkově dva USB tokeny s poštovným stály 78,53EUR.

K čemu taková USB fleška je :-) ? Vypadá sice jako fleška, ale uvnitř je čtečka Smard Card - Feitian R-310 a Feitian PKI smartcard (FTCOS / PK-01C). Na token je možno uložit certifikát nebo ssh klíč. Výhodou je, že se dá RSA klíč přímo generovat na daném zařízení s tím, že privátní klíč nikdy token neopustí, což je jedna z klíčových vlastností .

Spolu s tokenem bylo dodáno i malé 92M CD s dokumentací. Aktuální ISO obraz je dostupný zde.

Hnedle co jsem jej dostal do ruky, strčil jsem jej do USB.

Nov 14 13:35:44 ntb kernel: [19615.418112] usb 5-1: New USB device found, idVendor=096e, idProduct=0503
Nov 14 13:35:44 ntb kernel: [19615.418115] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Nov 14 13:35:44 ntb kernel: [19615.418117] usb 5-1: Product: SCR301
Nov 14 13:35:44 ntb kernel: [19615.418119] usb 5-1: Manufacturer: Feitian
Nov 14 13:35:44 ntb mtp-probe: checking bus 5, device 5: "/sys/devices/pci0000:00/0000:00:1d.0/usb5/5-1"
Nov 14 13:35:44 ntb mtp-probe: bus: 5, device: 5 was not an MTP device

Pro práci s tokenem budeme v Linux/UNIX systémech potřebovat free software OpenSC. Výrobcem tokenu je spolešnost Feitian. Ovladač FTCOS/PK-01C v OpenSC se jmenuje "entersafe", více je popsáno zde.

Nejprve jsem si instaloval tyto balíky v distribuci LMDE. K OpenSC je ječtě třeba ovladač čtečky atd. pcsc+ccid.

sudo aptitude install opensc
sudo aptitude install libccid
sudo aptitude install libacsccid1
sudo aptitude install pcsc-tools
sudo aptitude install pcscd

Kominikace s čtečkou mi nějak nefungovala, proto jsem si manuálně zkompiloval aktuální verzi. Popis instalace pěkně zdokumentován na GOOZE.

Ověření instlace je dokumentováno zde. LMDE verze.

opensc-tool --verbose --info
opensc 0.12.1 [gcc 4.6.1]
Enabled features: zlib openssl pcsc(libpcsclite.so.1)

Aktuální manuálně kompilovaná verze.

opensc 0.12.2 [gcc 4.6.1]
Enabled features: zlib readline openssl pcsc(libpcsclite.so.1)

Vypíšeme si čtečky --list-readers, -l Lists all configured readers

opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Feitian SCR301 00 00

Inicializace karty je opět pěkně zdokumentována zde.

Vypíšeme si ATR ma kartě --atr, -a Prints the ATR bytes of the card

opensc-tool --atr
Using reader with a card: Feitian SCR301 00 00
3b:9f:95:81:31:fe:9f:00:65:46:53:05:30:06:71:df:00:00:00:80:6a:82:5e

Vypíšeme si seriové číslo karty. --serial Prints the card serial number

opensc-tool --serial
Using reader with a card: Feitian SCR301 00 00
29 15 33 21 10 23 08 11 ).3!.#..

Preventivě smažeme kartu, na které od výrobve stejně nic není. Prověříme tím komunikaci čtečky s smart card.

pkcs15-init -vE
Using reader with a card: Feitian SCR301 00 00
Connecting to card in reader Feitian SCR301 00 00...
Using card driver entersafe.
About to erase card.

Dále si na kartě inicializujeme profil, nastavíme pin a puk

pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --pin 1234 --puk 654321 --label "Jan Novak"

Pomocí dump si vypíšeme co Smard Card obsaduje.

pkcs15-tool --dump
Using reader with a card: Feitian SCR301 00 00
PKCS#15 Card [Jan Novak]:
Version : 0
Serial number : 2915332110230811
Manufacturer ID: EnterSafe
Last update : 20111115124249Z
Flags : EID compliant

PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path : 3f005015

Můžeme do karty importovat existující RSA klíč, který musíme nejprve dešifrovat.

openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
Enter pass phrase for /home/novak/.ssh/id_rsa:
writing RSA key

Posléze jej uložíme na Smard Card.

pkcs15-init --store-private-key id_rsa.pem --auth-id 01 --pin 1234

Lepší možnost je si klíč generovat přímo na token.

pkcs15-init --generate-key 2048-rsa --auth-id 01 --pin 1234

Veřejný klíč si vygenerujeme následovně. Návod opět zde. Vypíšeme si nejprve informaci o veřejném klíčí na smard card.

pkcs15-tool --list-public-keys
Using reader with a card: Feitian SCR301 00 00
Public RSA Key [Public Key]
Object Flags : [0x2], modifiable
Usage : [0x4], sign
Access Flags : [0x0]
ModLength : 2048
Key ref : 0
Native : no
Path : 3f0050153000
ID : c70982******a14eb3

pkcs15-tool --read-ssh-key c70982******a14eb3

Using reader with a card: Feitian SCR301 00 00
2048 65537 259843******67908u
ssh-rsa AAAAB3Nz******Bw2Tfg

Pak se již můžeme přihašovat na vzdálený server pomocí Secure Shell.

ssh -v -I /usr/lib/opensc-pkcs11.so server.domena.cz

Provider tokenu je možno zavést do patřičného souboru.

vim ~/.ssh/ssh_config
PKCS11Provider /usr/lib/pkcs11/opensc-pkcs11.so

Alternativy USB tokenu, u kterých se o Linuxu moc nepíše, ale funkční pod OpenSC budou.
- CryptoMate ACOS5-CTM cz shop
- SafeNet eToken 5000 cz shop
- SafeNet eToken 1032 cz shop
Tyto alternativy jsem si zde uvedl jen proto, že jsem na rychlo hledal, zda se da nějaký USB token koupit v čechach. Patrně nebudou fungovat pod Linuxem.
+
http://blog.smejdil.cz/2011/11/networkmanager-vs-pfsense-openvpn.html">NetworkManager vs pfSense OpenVPN11.11.11-15:13
Doposud jsem se domů připojoval jen pomocí Secure Shell a když bylo třeba pomoci Wake on LAN jsem si zapnul domácí PC. Jelikož se občas potřebuji připopjit domů a dostat se na nějaké to domací HTTP je již potřeba VPN.

Oblíbený router pfSense založený na FreeBSD má podporu několika VPN implementací. Testnul jsem právě OpenVPN. Jako velký pomocník mi byl tento návod. Který mě navedl na použití velmi užitečné aplikace TinyCA, která mi výrazně usnadnila vytvoření všech certifikátů pro server i pro klienta.

Samotné certifikáty jsem si nastavil v oblíbené aplikaci NetworkManager, který je dnes již v mnoha distribucí a výrazně usnaddnuje práci s připojením kde kam :-)

WebSphere - WebSphere Portal

The latest updates about WebSphere Portal

+
7.0.0.2-WP-WCM-Combined-CFPM53921-CF01121.02.12-09:38
IBM WebSphere Portal and Web Content Management V7.0.0.2 Combined Cumulative Fix 011, updated Readme
+
Error messages in Wily indicating VP_DESC table is unable20.02.12-15:15
If you use Wily or some other performance monitoring tool, you may find repeated messages for a failed SQL statement against the VP_DESC table in Portal. The error will indicate the VP_DESC table is unavailable.
+
Portal 615 install fails on Window 7 with an Array index out of range: 3136 exception20.02.12-12:04
Attempts to install Portal 6.1.5 on Windows 7 results in a Array index out of range: 3136 exception
+
CONFIG-WP-PTF-6013 upgrade task fails when attempting an upgrade and using an Oracle database20.02.12-10:18
During an IBM(R) WebSphere(R) Portal upgrade attempt, the upgrade task fails. Oracle(R) is used as the Portal database.
+
Configuration Changes and Options introduced in WP/WCM V7.0.0.1 and 7.0.0.2 Combined Cumulative Fixes17.02.12-14:57
To address some changes or updates in code, occasionally there are new options added that must be manually added or configured to use them. This page provides a list of those changes delivered in the CFs and integrated into the fix pack.
+
IBM WebSphere Portal 7.0.0.2 Combined Cumulative Fix Readme - stand-alone17.02.12-14:48
IBM WebSphere Portal 7.0.0.2 Combined Cumulative Fix stand-alone installation instructions for all editions, including WebSphere Portal Express.
+
IBM WebSphere Portal 7.0.0.2 Combined Cumulative Fix Readme - cluster17.02.12-14:47
IBM WebSphere Portal 7.0.0.2 Combined Cumulative Fix cluster installation instructions for all editions, including WebSphere Portal Express- Idle Standby.
+
IBM WebSphere Portal 7.0.0.2 Combined Cumulative Fix Previous Known Issues17.02.12-14:47
This document contains a list of known issues for previous WebSphere Portal 7.0.0.2 Combined Cumulative Fixes. For current known issues for the latest WebSphere Portal 7.0.0.2 Combined Cumulative Fix, please see the WebSphere Portal 7.0.0.2 Combined Cumulative Fix Readme.
+
7.0.0.1-WP-WCM-Required-Recommended-Fixes17.02.12-13:43
Group of Recommended or Required Fixes for WebSphere Portal and Lotus Web Content Management version 7.0.0.1
+
7.0.0.2-WP-WCM-Required-Recommended-Fixes17.02.12-13:42
Group of Recommended or Required Fixes for WebSphere Portal and Lotus Web Content Management version 7.0.0.2
+
7.0.0.1-WP-WCM-Combined-CFPM53918-CF01117.02.12-12:42
IBM WebSphere Portal and Web Content Management V7.0.0.1 Combined Cumulative Fix 011
+
7.0-WP-UpdateInstaller-Universal16.02.12-14:58
WebSphere Portal UpdateInstaller for Version 7.0x, not specific to any Operating System
+
7.0-WP-UpdateInstaller-AIX16.02.12-14:42
WebSphere Portal UpdateInstaller for Version 7.0x, for IBM AIX (includes Java runtime)
+
7.0-WP-UpdateInstaller-i16.02.12-14:24
WebSphere Portal UpdateInstaller for Version 7.0x, for IBM i
+
7.0-WP-UpdateInstaller-Linux-x8616.02.12-14:23
WebSphere Portal UpdateInstaller for Version 7.0x, for Linux on x86 (includes Java runtime)
+
7.0-WP-UpdateInstaller-Linux-POWER16.02.12-14:23
WebSphere Portal UpdateInstaller for Version 7.0x, for Linux on POWER systems, such as System i or System p (includes Java runtime)
+
7.0-WP-UpdateInstaller-Linux-z16.02.12-13:51
WebSphere Portal UpdateInstaller for Version 7.0x, for Linux on System z (includes Java runtime)
+
7.0-WP-UpdateInstaller-Solaris-SPARC16.02.12-13:50
WebSphere Portal UpdateInstaller for Version 7.0x, for Sun Solaris on SPARC (includes Java runtime) - Sun on x86 requires the Universal UpdateInstaller
+
7.0-WP-UpdateInstaller-Windows16.02.12-13:49
WebSphere Portal UpdateInstaller for Version 7.0x, for Microsoft Windows (includes Java runtime)
+
7.0-WP-UpdateInstaller-ZOS16.02.12-13:39
WebSphere Portal UpdateInstaller for Version 7.0x, for IBM z/OS
+
EJPSB0107E: Exception occurred while retrieving the identity of the domain admin user/admingroup16.02.12-10:10
WebSphere Portal fails to start because it cannot find the administrative user in the realm.
+
Open Mic Webcast: Troubleshooting WebSphere Portal performance issues with Visual Configuration Explorer and the Health Center - 3 April 201215.02.12-15:42
IBM will host an Open Mic webcast with Lotus Development and Support Engineers on 3 April 2012. The topic will be "Troubleshooting WebSphere Portal performance issues with Visual Configuration Explorer and the Health Center ."
+
PM58126: FILETRANSFERAPPLET GENERATES MULTIPLE REQUESTS RESULTING IN 404 RESPONSE CODES15.02.12-01:00
Saving content will generate http requests for the following files which dont exist in the FileTransferApplet
+
run-svrssl-config task fails on getCACert14.02.12-11:31
ConfigEngine task run-svrssl-config fails because of a NullPointerException in getCACert.
+
Portal startup problem after successful database-transfer to DB2 on z/OS13.02.12-09:48
After a successful [<tt>]database-transfer[</tt>] to IBM(R) DB2(R) on z/OS(R), IBM WebSphere(R) Portal will not start properly. The SystemOut.log shows the following: [<tt>][2/26/07 12:09:07:899 CST] 0000000a DataStoreCont E com.ibm.wps.datastore.impl.DataStoreContext handleException EJPDB0099E: Error occurred during database access. Last SQL statement is [SELECT OID, CREATED, MODIFIED, RES_TYPE, EXTERNAL_OID, EXTERNAL_UID, PARENT_OID, OWNER_TYPE, OWNER_UID, INHERITANCE, PROPAGATION, ...
+
Terms of Use01.01.70-01:00
Terms of Use

WebSphere - WebSphere Application Server

The latest updates about WebSphere Application Server

+
PM08491; 7.0.0.17: Performance of outbound channels on udp channel framework22.02.12-12:36
The UDP Channel runs inefficiently when multiple threads are used to process UDP packets.
+
7.0.0.19-WS-WAS-MultiOS-IFPM5400620.02.12-16:14
Deleting a single module from a deployed application may cause update extraction errors.
+
Education: Join Ask the Experts on Installation in WebSphere Application Server20.02.12-13:13
You are invited to an IBM Ask the Experts discussion about Installation in WebSphere Application Server on 15 March 2012 at 11:00 AM EDT. This Ask The Experts Session covers common questions and issues in the installation of WebSphere Application Server V8 and the included packages using installation manager. The session also answers questions regarding WebSphere Application Server V7 and V6.1, although the main focus is on the latest release.
+
PM58060: SHIP SDK APARS IV11263, IV11286 and IV11305 as WSAS IFIX20.02.12-13:13
SHIP SDK APARS IV11263, IV11286 and IV11305 as WebSphere Application Server interim fix.
+
Multiple managed Web servers cause startup issue using admininstrative console20.02.12-12:09
When multiple Web servers are managed through a single WebSphere(R) Application Server node, it may not be possible to start or stop all Web servers from that Application Server's administrative console. Example: User creates two IBM(R) HTTP Server configurations ( []webserver1[] and []webserver2[] ). From the administrative console, it is possible to start []webserver1[], but it is not possible to start []webserver2[].
+
Configuring the "mapport" feature of Edge Components Load Balancer20.02.12-12:06
How do I configure my advisors when using the Load Balancer "mapport" feature in IBM WebSphere Edge Server?
+
High availability configuration and the timing of the reach advisor20.02.12-12:02
Even though both the primary and backup load balancer machines recognize that a server is marked down, the timing of when the server is marked down in the reach advisor might cause a takeover.
+
7.0.0.1-WS-WAS-IFPM5131020.02.12-05:34
In a pubsub environment in the absence of local consumer if the messages do not get processed in order then once the messages with lower ticks get processed by the consumer of the
+
Installation Manager shows the error messages for IBM SDK during applying FixPack for WASV8.019.02.12-23:58
After installing WAS V8 fixpacks, the error message "Installation Manager cannot remove feature IBM 64-bit SDK for Java, Version 6 from the installation package. The feature is a required component." may be recorded in the log file of the Installation Manager. You can check the Installation Manager's log from File > View Log. Example: ----------- 139 ERROR 07:15.30 Installation Manager cannot remove feature IBM 64-bit SDK for Java, Version 6 from the installation package.The feature is a r...
+
7.0.0.15-WS-WAS-IFPM4257518.02.12-10:04
Duplicated configuration session or workspace IDs are created during concurrent application sever start-ups.
+
Support Statement for Solaris Zones with WebSphere Application Server17.02.12-12:56
What is the support statement for Solaris Zones and the IBM(R) WebSphere(R) Application Server?
+
Potential native memory use in reflection delegating classloaders16.02.12-19:31
A high number of classloaders of type sun/reflect/DelegatingClassLoader, which are used to load sun/reflect/GeneratedMethodAccessor<N> classes, can indicate a potential large native memory footprint.
+
Education: Join Ask the Experts on Application Management in WebSphere Application Server15.02.12-16:27
You are invited to an IBM Ask the Experts discussion about Application Management in WebSphere Application Server on 13 March 2012 at 11:00 AM EDT. WebSphere Application Server run-time provides several administrative tools to manage enterprise applications such as the administrative console, the wsadmin scripting tool and the ability to use WebSphere JMX API programmatically . This webcast covers various types of questions on Application Management in WebSphere Application Server.
+
8.0.0.0-WS-WASJavaSDK-LinuxX64-IFPM5806015.02.12-11:21
SHIP SDK APARS IV11263 & IV11286 AND IV11305 AS WSAS IFIX
+
8.0.0.0-WS-WASJavaSDK-LinuxX32-IFPM5806015.02.12-11:13
SHIP SDK APARS IV11263 & IV11286 AND IV11305 AS WSAS IFIX
+
8.0.0.0-WS-WASJavaSDK-AixPPC64-IFPM5806015.02.12-10:49
SHIP SDK APARS IV11263 & IV11286 AND IV11305 AS WSAS IFIX
+
8.0.0.0-WS-WASJavaSDK-AixPPC32-IFPM5806015.02.12-10:42
SHIP SDK APARS IV11263 & IV11286 AND IV11305 AS WSAS IFIX
+
An OutOfMemoryError produces a system dump starting in WebSphere Application Server 8.0.0.214.02.12-11:58
Why does an OutOfMemoryError (OOM) create a system dump starting in WebSphere Application Server (WAS) 8.0.0.2?
+
7.0.0.21-WS-WAS-IFPM4828613.02.12-17:50
SSL connections were using more memory than required.
+
7.0.0.15-WS-WAS-IFPM4828613.02.12-17:50
SSL connections were using more memory than required.
+
PM55170; 8.0.0.2: The time to federate a node takes up to 90% longer13.02.12-13:21
The time to federate a node takes up to 90% longer.
+
PM51889; 8.0.0.2: Decrease cluster startup time13.02.12-13:17
Excessive JIT compilation increases the start time of servers and clusters.
+
NMSV0307E: Naming error seen when using the embeddable EJB Container in J2SE program10.02.12-12:12
When writing a J2SE program that performs java:comp lookups using the embeddable EJB container, you must remember that java:comp is only accessible within an EJB method. If you attempt to lookup a java:comp name directly from the main method, you will get an NMSV0307E error.
+
7.0.0.21-WS-WASND-IFPM5023209.02.12-13:51
SIP Proxy does not re-use inbound client TCP/TLS connections for outbound requests.
+
Knowledge Collection: Java Message Service (JMS) for WebSphere Application Server09.02.12-12:56
This Knowledge Collection is a focused compilation of links to documents for Java Message Service (JMS).
+
Terms of Use01.01.70-01:00
Terms of Use

SANS Internet Storm Center, InfoCON: green

+
ISC Feature of the Week: Handler Diaries, (Wed, Feb 22nd)22.02.12-22:48
Internet Storm Center features daily handler diaries with summarizing and analyzing new threats to networks and internet security events. Diaries range from 0day vulnerability announcements to the latest software update releases. If it's security related, we'll probably put up a diary about it!
The ISC homepage https://isc.sans.edu always displays the last 24 hours of diaries. The top and bottom of every diary, wherever it is listed, contains a previous/next navigation link that will iterate through all the diaries in order. You can click the title to view the full diary page.
What's in a Diary?
A Diary title is always an active link so you can right-click and copy to send to a friend or co-worker you think would be interested in the information. Alternatively, there is a Share menu to the right of the title if you want to publicly share on any number of social networking sites!!
Under the title you will see the original published date and the last updated date if any changes have been logged to the diary. Below that you will see the name of the handler that authored the diary and version number. The Rate this diary is currently disabled but should be back soon.
The number of comments displays how many comments have been added and is a link that will take you straight to the comments section below the diary. You can leave a comment if you are logged to your ISC/DShield account. Not logged in? No worries, just click the link, login and you should be brought right back to leave your comment. The Alias will default to what you have set in Your Information https://isc.sans.edu/myinfo.html but you can change it to whatever you want. Every comment is vetted by the handlers and inappropriate or blatant ads are removed.
The diary content will vary. It can contain anything from just a few lines of text, sometimes with web links, to a full tutorial with illustrated graphics. A handler will have their own custom signature at the end of every diary posted. If an announcement is short and doesn't require a lot of detail, a handler may post a oneliner which is highlighted with a different background/border and generally just one sentence.
A Keywords list follows the diary content. This is a individually linked list that will take you to a page displaying a table of all the diaries that contain that same keyword, along with the date published and author.
How can I find past dairies?
The easiest way to find past diaries is to search for keywords as explained here https://isc.sans.edu/diary/ISC+Feature+of+the+Week+ISC+Search/12496. ALL the diaries can be listed by date on the Diary Archives page https://isc.sans.edu/diaryarchive.html. This is useful if you know the general timeframe or title text of a specific diary or just want to skim titles as an entire month is shown at once.
The site footer always contains some of the most recent Diary Archives in the center as well as a link to all the archives page. The homepage also lists some more of the most recent diaries as well as a link to the Diary Archives page https://isc.sans.edu/diaryarchive.html. There is also a link to the archives after every comment section on the diary page.
How can I get these diaries you speak of?
Well, you can make https://isc.sans.edu your default browser page so you don't miss anything.
You can also receive full or title only diaries by subscribing in your favorite RSS reader. The links can be found here https://isc.sans.edu/xml.html#rss

Let us know in the section below if you have suggestion or feeback about our diaries or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html
--

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
Apache 2.4 Features, (Wed, Feb 22nd)22.02.12-14:59
- more granular logging. Logging is always a tedious and often overlooked security component. Apache 2.4 will allow for log levels to be configured on a per-directory level.
- various changes to timeouts. We had a number of tools over the last few years that attacked web servers by exhausting connections. The new timeout changes may help with that, but over all, I don't think there is a simple fix for this problem.
- changes to the proxy configuration. Some use apache not just as a web server, but as a proxy to restrict access to resources, or as a load balancer. This can help with security, but in the past, bugs in Apache's implementation of these features has caused problems.
- Apache now includes a mod_session that will have Apache take care of sessions. This includes support for encrypted sessions, and support for session based authentication. Really have to see how this will all work in more detail. It appears that headers will be used to add data to sessions. This could be a new opportunity to exploit http response splitting. Note that the session information may be stored on the client, not just the server. Unencrypted sessions on the client could pose interesting security issues.
- mod_ssl has been improved to allow it to check for invalid client certificates via OCSP.
Version 2.4.1 is now available for download. I recommend you start testing it, but hold off on using it in production until some of the features have been debugged.
[1] http://httpd.apache.org/docs/2.4/new_features_2_4.html
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
ISC StormCast for Wednesday, February 22nd 2012 http://isc.sans.edu/podcastdetail.html?id=2344, (Wed, Feb 22nd)22.02.12-03:33
+
How to test OS X Mountain Lion's Gatekeeper in Lion, (Wed, Feb 22nd)22.02.12-03:16
iOS uses a pretty simple and effective security model to fight malware: Whitelisting. All software installed on an iOS device has to be digitally signed. In order to be digitally signed, the software has to be reviewed by Apple. Only software that uses standard Apple vetted APIs is considered trustworthy to be signed, making it difficult to sneak in malicious code. If malicious software slips through, it can be recalled later.
Over the last few years, the opposite model, blacklisting (Anti Malware) has failed spectacularly. Even many desktop users now use third party whitelisting software which is usually more granular then what Apple proposes.
Apple's approach allows for essentially three different settings:
- Only allow Apple approved software (pretty much what iOS does)

- allow Apple approved software, but also allow software signed with specific additional certificates (you could use this to sign your own software. Kind of like accepting the certificate from an iOS developer for testing)

- allow all software (pretty much unlocked in iOS terms)
There are some specific limitations to Apple's approach:
- the signatures are only tested during install. If malicious software passes the install, it will not be inspected further.

- only executables are checked. A malicious PDF may still cause havoc, even if it may no longer be able to then download and install additional malware

The best part in my opinion is that the functionality was already pushed out to systems as part of the last OS X update (10.7.3). So you can already experiment with the feature and see how well it works (or doesn't work). I am running it now for a while off and on and so far, haven't experienced any ill effects, aside from it blocking me once or twice from installing software. Each time, I just disabled it temporarily (which could be considered a weakness).
The command line utility spctl can be used to enable or disable the feature. spctl --enable will enable it, spctl --disable disable it. You need to be root to run the utility.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
ISC StormCast for Tuesday, February 21st 2012 http://isc.sans.edu/podcastdetail.html?id=2341, (Tue, Feb 21st)21.02.12-03:58
+
DNSChanger resolver shutdown deadline is March 8th, (Mon, Feb 20th)21.02.12-00:05
With the FBI's March 8th deadline for disabling the DNSChanger resolvers rapidly approaching, the predictable fearmongering is beginning in the blogosphere and the regular press. Rest assured that DNSChanger infected a relatively small number of computers compared to most infections, and turning off the temporary resolvers will barely be blip on the Internet. There are some suggestions that the FBImay extend this deadline to permit companies to complete their cleanup. Frankly Iam on the fence about whether or not an extension is a good idea. Icertainly don't want to entertain the possibility that the companies that Ido business with, and entrust my personal information to, may take more than 4 months to cleanup a known malware infection.
The fact is that DNSChanger has provided us a rare opportunity. DNSChanger itself never reached its full potential because of the FBI's intervention, but analysis of DNSChanger infected computers has revealed that computers infected with DNSChanger are nearly always infected with a range of other malware including malware that disables automatic updates and antivirus products. Others have been found with credential stealing Trojans and rootkits. Certainly the detection of this sort of malware should result in immediately taking the computer off the network and rebuilding it.
The symptoms of a DNSChanger malware infection are relatively easy to detect. From shortly after the FBI's Operation Ghost Click was revealed, the DNSChanger Working Group (DCWG) provided instructions on how to determine if your computer is infected, and shadowserver.org has made reports available which permit anyone who owns their own address space to reliably detect the presence of DNSChanger infections, and by extension associated malware.
In the last month or so another way of detecting DNSChanger infected computers has been made available. Several countries have launched eyechart sites which will tell you if the machine you are on is infected with malware. For the most part these sites follow the pattern of dns-ok.CC where CC is the country code of the hosting country. Some that are available are dns-ok.us (U.S.), dns-ok.ca (Canada), dns-ok.de (Germany), dns-ok.be (Belgium) and Iam sure many others. They all follow a familiar pattern. If the site is a friendly green your computer is not infected with DNSChanger, a not so friendly red requires further investigation.
One caveat. It appears that in relatively rare circumstances, DNSChanger may infect SOHOrouters. So although the eyechart may be red, it may not be the computer you are on that is infected. It may be the router. Either way you know that some investigation is warranted.
Please consider using these available tools to cleanup malware infections on your network...before the FBIturns off the resolvers.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
Simple Malware Research Tools, (Mon, Feb 20th)20.02.12-17:46
That's definitely a really broad question, because sometimes each malware may need a different approach. However, there are some simple tools that can help on a first approach and sometimes will give all the answers you need, without the need to go deeper on more complete debuggers and disassemblers as OllyDbg and IDA Pro, which by the way are two great tools!
For this diary I am not considering exploits, like pdf or java exploits, but just plain PE files ( EXE and DLLs).
As part of my first look kit I use the pescanner python script from Malware Analysis Cookbook, which the authors made available here.
This script can give you some valuable information about the PE file, like the PE Sections, Version information (if available), and compilation date. Because there are some known bad indicators, the script will also print out the [SUSPICIOUS] word when it finds one of those indicators, such as strange compilation date, and strange entropy values found on the PE Sections.
Once you are used to the analysis, a simple look on this will help you to identify possible malicious files. Since it was based on Ero Carrera's pefile python module, you can modify and add additional features if you think is necessary. One addition I did on mine was to show if the file contains an overlay. On a few situations you should see valid overlay in files, and it is very common to find parasitic virus including its code as an overlay on the PE file.
Another great tool that I use is called HIEW (Hacker's View) hex editor. It is a really complete old-style tool. I mean old style because it uses a DOS window, there is no GUI...:)
It has a lot of features, from a complete HEX editor, an ASCII view of the file, and a Decode view, where you are presented with a disassembler. It also contains several shortcuts with pre-defined functions, as to show you the basic PE information, the number of sections, the entry point address and much more.
It also allows you to go straight to section you want or jump to a specific address on the file, list the imports and exports and even edit the file.
It is a paid tool available here, but it contains a free version (6.50) which does not contain all features but can definitely give you a feel of it.
There was a open source product called Biew that had almost the same features of Hiew, but seems that it is not being updated since 2009.
Another tool that I've been checking lately is called HT Editor, that is a promissing project. It still doesnt have a lot of feaures but I like it. You may check it here
Enjoy!
------------------------------------------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)
Twitter: http://twitter.com/besecure (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
ISC StormCast for Monday, February 20th 2012 http://isc.sans.edu/podcastdetail.html?id=2338, (Mon, Feb 20th)20.02.12-03:17
+
The Ultimate OS X Hardening Guide Collection, (Mon, Feb 20th)20.02.12-03:04
I have recently looked over a number of OS X hardening guides, and found that not many specifically address the latest version of OS X (Lion, 10.7), nor are they necessarily well maintained. Instead of coming up with another (soon to be outdated) guide, I am trying to come up with a meta guide. If you know of a good hardening guide for OS X: Please let me know. Also, if there are any tricks that you find useful (or things that fired back and didn't work at all): Let me know too.
Most notably: Apple released a guide for each version of OS X up to Snow Leopard, but I can't find one for Lion. Does it exist?
Here are some of the guides that I have sound so far:
Apple: http://www.apple.com/support/security/guides/

NSA Guide:http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf

Mac Shadows:http://www.macshadows.com/kb/index.php?title=Hardening_Mac_OS_X

Univ. Texas:https://wikis.utexas.edu/display/ISO/Mac+OS+X+Server+Hardening+Checklist

Center for Internet Security:http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.os.unix.osx

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>
+
It is time to update your Web Browser, (Fri, Feb 17th)17.02.12-19:46
Firefox
Download:http://www.firefox.com
Release Notes:http://www.mozilla.org/en-US/firefox/10.0.2/releasenotes/
Chrome
Download:https://www.google.com/chrome
Release Notes:http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.]]>

Sorry, no items found in the RSS file :-(

Advisory Files ≈ Packet Storm

Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers

+
Red Hat Security Advisory 2012-0323-0122.02.12-03:10
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
+
Red Hat Security Advisory 2012-0322-0122.02.12-03:10
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
+
Red Hat Security Advisory 2012-0321-0122.02.12-03:10
Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
+
Gentoo Linux Security Advisory 201202-0222.02.12-03:10
Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
+
Red Hat Security Advisory 2012-0309-0321.02.12-16:41
Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.
+
Red Hat Security Advisory 2012-0310-0321.02.12-16:40
Red Hat Security Advisory 2012-0310-03 - The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this flaw to corrupt the mtab file.
+
Red Hat Security Advisory 2012-0153-0321.02.12-16:39
Red Hat Security Advisory 2012-0153-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements.
+
Red Hat Security Advisory 2012-0311-0321.02.12-16:37
Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.
+
Red Hat Security Advisory 2012-0313-0321.02.12-16:36
Red Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.
+
Red Hat Security Advisory 2012-0312-0321.02.12-16:35
Red Hat Security Advisory 2012-0312-03 - The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.
+
Debian Security Advisory 2413-121.02.12-16:35
Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.
+
Red Hat Security Advisory 2012-0168-0121.02.12-16:34
Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
+
Red Hat Security Advisory 2012-0301-0321.02.12-16:33
Red Hat Security Advisory 2012-0301-03 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code.
+
Red Hat Security Advisory 2012-0304-0321.02.12-16:32
Red Hat Security Advisory 2012-0304-03 - The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack.
+
Red Hat Security Advisory 2012-0305-0321.02.12-16:32
Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
+
Red Hat Security Advisory 2012-0151-0321.02.12-16:31
Red Hat Security Advisory 2012-0151-03 - The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. These updated conga packages include several bug fixes and an enhancement.
+
Red Hat Security Advisory 2012-0302-0321.02.12-16:30
Red Hat Security Advisory 2012-0302-03 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.
+
Red Hat Security Advisory 2012-0303-0321.02.12-16:30
Red Hat Security Advisory 2012-0303-03 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack.
+
Red Hat Security Advisory 2012-0149-0321.02.12-16:29
Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.
+
Red Hat Security Advisory 2012-0306-0321.02.12-16:29
Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
+
Red Hat Security Advisory 2012-0150-0321.02.12-16:28
Red Hat Security Advisory 2012-0150-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.
+
Red Hat Security Advisory 2012-0307-0321.02.12-16:28
Red Hat Security Advisory 2012-0307-03 - The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.
+
Red Hat Security Advisory 2012-0308-0321.02.12-16:28
Red Hat Security Advisory 2012-0308-03 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.
+
Red Hat Security Advisory 2012-0152-0321.02.12-16:21
Red Hat Security Advisory 2012-0152-03 - The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.
+
Secunia Security Advisory 4808421.02.12-07:52
Secunia Security Advisory - A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks.

The Hacker's Choice - Freeworld News

News around The Hacker's Choice including releases, papers, exploits and other activities

+
Hydra v6.5 is now available!15.07.11-07:06
Hydra v6.5 is now available! New: default password list script, major http-form module improvements (user defined http headers, cookie learning URL, intelligent cookie learning, etc.) - now works againt OWA :-), plus bugfixes
+
Hydra v6.4 is now available with module enhancements and ...16.06.11-06:06
Hydra v6.4 is now available with module enhancements and bugfixes
+
THC T-Shirts for 2011 can now be ordered.18.05.11-15:37
THC T-Shirts for 2011 can now be ordered. Orders must be made until the 20th of May 1pm CET. Email vanHauser AtTheGlorious thc.org. T-Shirts are reserved for friends and the coolest of the coolest. If you are unsure if you qualify as friend chances are you dont.
+
Get the new thc-ipv6 v1.6 release - lots of cool new tool...13.05.11-03:06
Get the new thc-ipv6 v1.6 release - lots of cool new tools and features! :-)
+
Hydra v6.3 is available with new oracle and smtp-enum mod...01.05.11-08:03
Hydra v6.3 is available with new oracle and smtp-enum modules, many module enhancements, bugfixes and more
+
Amap v5.4 is now available which fixes an IPv6 bug introd...20.04.11-07:04
Amap v5.4 is now available which fixes an IPv6 bug introduced in v5.3. I am getting old.
+
Amap v5.3 is now available.16.04.11-07:03
Amap v5.3 is now available. It is not supported anymore, however as there is no tool available which performs IPv6 UDP port scanning, amap was updated to better support IPv6. Have fun!
+
Hydra v6.2 is available with a new password bruteforcing ...06.04.11-06:06
Hydra v6.2 is available with a new password bruteforcing mode, new xmpp and irc module, and MD5/SHA1/.. support for a lot of modules! :-)
+
Join the THC t-shirt design contest!05.04.11-02:01
Join the THC t-shirt design contest! Submit your design until the 8th may and win! More information at http://www.thc.org/thc-contest
+
Hydra v6.1 is available with SSHv1 support, a few fixes a...03.02.11-07:01
Hydra v6.1 is available with SSHv1 support, a few fixes and mainly license updates for the Debian guys. Tested to work on Linux, Cygwin, Solaris 11, FreeBSD 8.1 and OSX.

THC Blog

+
Uninformed v10 is out14.10.08-06:25
+
The Risk of ePassports and RFID29.09.08-08:07
+
Windows Mobile file recovery HOWTO24.09.08-14:12
+
Port Scanning the Internet10.08.08-09:29
+
GSM Researcher stopped at Heathrow Airport by UK government officials17.04.08-01:31

2600: The Hacker Quarterly

The Hacker Quarterly

+
Off The Wall show for February 21, 201222.02.12-02:49
+
Off The Hook show for February 15, 201216.02.12-05:00
+
RADIO ARCHIVE NOTES11.02.12-07:33
The first of two Voice of Long Island reunion shows is now online. This was a spur of the moment reunion program with no advance warning to listeners that aired on Friday night/Saturday morning, January 3rd, 1987 from midnight to 3:00 am (the show's original timeslot during its 1981-1983 run. You can stream or download the show in high or low fidelity at this link.
+
THE YES MEN TO KEYNOTE AT HOPE NUMBER NINE31.01.12-09:39
We're happy to announce that one of our keynote addresses at HOPE Number Nine this summer will be given by The Yes Men, in what will surely be a lively, enlightening, and inspirational presentation.
+
DISCOUNTED RATES FOR HOTEL PENNSYLVANIA NOW AVAILABLE FOR HOPE DATES30.01.12-09:25
We have the special HOPE rates for Hotel Pennsylvania this July and we're happy to say that the rates are just about the same as they were last time we did this in 2010. Here's the breakdown for the nights of July 10th through July 14th: $139 - 1 bed (single or double)
$149 - 1 twin bed room
$169 - 2 beds (twins or 2 double beds)
For those staying beyond Sunday, the prices go down even more for July 15th and July 16th: $99 - 1 bed (single or double)
$119 - 2 beds (twins or 2 double beds)
HOPE Number Nine will be taking place from Friday, July 13th through Sunday, July 15th, 2012 at the Hotel Pennsylvania in New York City. To take advantage of this discounted rate (which sold out along with the entire hotel last time), call +1 212 736 5000 or ask your operator to connect you to Pennsylvania 6-5000 in New York City. (Go ahead, try it.) When you get to the reception desk, be sure to mention that you want the HOPE rate. For those of you who'd rather not use a telephone, simply go to http://tinyurl.com/hopehotel and adjust the dates of your stay accordingly within the green squares. (Make sure the Group Code says HOPE.)
+
HOPE NUMBER NINE SPEAKER SUBMISSIONS NOW OPEN19.01.12-11:35
We've opened up the submission process for speaker entries at HOPE Number Nine, to be held at the Hotel Pennsylvania in New York City from July 13th to 15th, 2012.
+
2600 WEBSITES TO GO BLACK ON WEDNESDAY17.01.12-10:51
We have decided to show our solidarity with the opponents of the SOPA and PIPA bills and black out our websites on Wednesday, January 18th.
+
HOPE NUMBER NINE PREREGISTRATION ONLINE12.01.12-19:35
We have officially opened up preregistration for the latest Hackers On Planet Earth conference: HOPE Number Nine, which will be taking place at the Hotel Pennsylvania in New York City from July 13th to July 15th, 2012. Just click here to begin the process. These tickets are still priced well below what's charged at the door, a savings of nearly 20 percent. But we believe that the full price is still an incredible bargain, considering all of the talks and fun that are found at a typical HOPE conference.
+
WINTER ISSUE OF 2600 RELEASED06.01.12-11:22
The brand new Winter issue of 2600 is now officially out in all sorts of different places and versions. Hopefully you won't have much trouble finding us in bookstores. You may have more of a challenge finding bookstores in the first place. While we're still getting over the loss of Borders, you should be able to easily find us in every Barnes and Noble and other chains, along with a whole bunch of independent bookstores and newsstands. If you're a subscriber, an issue may have already arrived at your home, office, or school. If you're more of the electronic bent, you will have already received the Winter issue if you have a Kindle subscription. You can also get a Kindle subscription in the U.K. The Kindle Publications subscription is available for Kindles, Android, and iOS devices. Issues are also available individually in the subscription section. For those of you using Mac and PC devices, individual issues are available in the standalone Kindle Book format. You can also get this version in U.K., France, Spain, Italy, and Germany. We also have an epub version available for the Nook or almost every other ereader. And we intend to keep adding more, as long as there is a demand.
+
HOTEL PENNSYLVANIA SAVED?31.12.11-11:26
Possibly. In a story that all of us seem to have missed a couple of weeks ago (possibly because it was in the New York Post), Vornado Realty Trust is having second thoughts about tearing down the Hotel Penn (home of our biennial HOPE conferences), at least in the near future. There are a number of reasons, none of which are a huge surprise: the overall state of the economy, the prospect of new commercial buildings going up in surrounding areas which will make it all the harder to get tenants for yet another office tower, and the fact that the hotel brings in a ton of money.

Debian-linux.cz

zpravodajství z distribuce Debian

+
Seriál muchobijeckých party pokračuje18.02.12-12:07
+
Debian hledá projekty a mentory pro Google Summer of Code 201218.02.12-11:33
+
Vývoj Debianu údajně stál devatenáct miliard dolarů18.02.12-11:01
+
„Wheezy“ artwork contest18.02.12-10:44
+
Upgrade Debianu Lenny na poslední chvíli07.02.12-08:19
+
V pondělí 6. února končí podpora Debianu Lenny02.02.12-15:06
+
Debian 7.0 Wheezy bude obsahovat jádro 3.230.01.12-10:28
+
Vyšel aktualizovaný Debian Squeeze 6.0.428.01.12-15:27
+
Návod: instalace forku Gnome 2 MATE do Debianu Wheezy nebo Sid28.01.12-14:56
+
io.debian.net dočasně mimo provoz25.01.12-19:45
+
Zmrazení proběhne na začátku léta25.01.12-18:33
+
Muchobijecká párty v Paříži25.01.12-18:13
+
Pozor na to, jak odpovídáte na otázky uživetelům24.01.12-17:49
+
Španělská Extremadura převede 40 000 desktopů na Linux24.01.12-17:21
+
PHP 5.4 pomalu míří do Debianu22.01.12-17:18
+
Instalátor Debianu: čeština a slovenština v síni slávy14.01.12-13:56
+
Debian je nejpopulárnější distribuce na serverech09.01.12-21:35
+
Vydána druhá beta verze distribuce Debian Edu08.01.12-11:50
+
Gnome 3.2 v Debianu30.12.11-11:38
+
KDE 4.7.4 experimentálně v Debianu21.12.11-13:36

Synopsi Blog

Web 2.0, internet, bezpečnosť, biznis a viac

+
OpenCoffee a StartupCamp13.12.10-04:29
Pod týmito názvami sa skrývajú dve akcie, na ktorých by ste zaručene nemali chýbať. Obe sa trošku líšia. Každá je zameraná na inú oblasť, no obe majú niečo spoločné. Stretnete na nich zaujímavých ľudí, dozviete sa niečo nové a sú úplne zadarmo. Som nesmierne rád, že za posledný rok sa zorganizovalo niekoľko zaujímavých akcií a [...]
+
Do cudzieho Facebook konta cez rozšírenie Firefoxu25.10.10-23:01
Včera uverejnil Eric Butler rozšírenie do Firefoxu [Firesheep], ktoré automatizuje odpočúvanie nezašifrovanej komunikácie v lokálnej sieti. V nej hľadá cookies niekoľkých veľkých portálov, ako napríklad Facebook, Google, Twitter, atď. Ak na takéto cookies narazí, skopíruje ich a umožní útočníkovi prihlásiť sa pod kontom obete, len jediným kliknutím. Útok nesúci označenie HTTP session hijacking (občas nazývaný [...]
+
Elektronický občiansky preukaz20.09.10-09:32
Podľa aktuálneho návrhu eGoverment systému by sme už o niekoľko rokov mali dostať občianske preukazy (eID), ktoré by nám mali umožniť efektívnejšie komunikovať so štátnou správou. Okolo technického prevedenia týchto preukazov sa diskutovalo len výnimočne. Zvýšenú pozornosť vyvolal len návrh eHealth systému, ktorý počíta s podobnou kartou pre prístup k zdravotným informáciám pacienta. Skúste si [...]
+
Bude Internet banking Tatra Banky vo Flashi?12.09.10-02:50
Internet banking (IB) Tatra Banky (TB) by mal byť v blízkej budúcnosti dostupný v novej verzii vytvorenej technológiou Adobe Flex, resp. Flash. Informuje o tom samotná banka na stránkach svojho IB. Je to dobrá, alebo zlá správa? Na začiatok je potrebné vyjasniť jednu podstatnú vec. Adobe Flash je klientská aplikácia, ktorej ekvivalentom je kombinácia HTML, [...]
+
Konferencia29.08.10-18:03
Prešli približne dva roky od prvého Barcampu, ktorý určitým spôsobom spojil časť slovenskej IT scény. Od vtedy sa ich konalo ešte niekoľko, parkrát som i ja pozval ľudí na neformálne stretnutie pod hlavičkou Synopsi, prvý slovenský Tedx bol podľa mnohých fantastický, no a nedávno sa konal Startupcamp, kde sa stretlo celkom pekné množstvo zaujímavých ľudí. [...]
+
O "úniku" dát z Facebooku30.07.10-04:15
Pred dvomi dňami publikoval Ron Bowles súbor obsahujúci dáta zo 170 miliónov profilov na Facebooku. Svetové média sa nestíhajú predháňať v analýzach a dopadoch tohoto tzv. úniku na bežných užívateľov a tie lokálne ich kopírujú koľko sa len dá (česť výnimkám). Skutočnosť je taká, že Ron Bowles urobil to isté, čo robia vyhľadávače, ako napríklad [...]
+
Facebook a ClickJacking15.06.10-16:30
Facebook je vďačným terčom útokov prakticky od svojich začiatkov. Od vtedy, ako prestali byť užívatelia Facebooku fanúšikmi jednotlivých stránok a skupín, a stali sa z nich zo dňa na deň “Likeri”, objavujú sa útoky využívajúce tzv. ClickJacking. Čo je to ClickJacking ClickJacking, označovaný tiež aj ako UI redress attack, je forma útoku, pri ktorej útočník [...]
+
Ako sa chrániť pred zraniteľnosťami v Adobe Flash a Reader07.06.10-04:38
Minulý piatok informovala spoločnosť Adobe na svojom blogu, že bola objavená veľmi závažná zraniteľnosť v jej prakticky najpoužívanejších produktoch, Flash, Acrobat a Reader. Táto zraniteľnosť predstavuje kritické bezpečnostné riziko pre bezpečnosť užívateľov, ktorí používajú ktorýkoľvek z týchto produktov. V článku nájdete niekoľko jednoduchý rád ako sa chrániť pred touto, ale aj ďalšími zraniteľnosťami v týchto [...]
+
Facebook posiela IP adresu užívateľov priamo v emailoch08.05.10-02:41
Bezpečnosť Facebooku patrí medzi vďačné témy a to nielen preto, že sa tím okolo Facebooku snaží znateľne znížiť všeobecne zaužívané pravidlá pre publikovanie osobných informácií na internete. Facebook je aj zaujímavým miestom pre hľadanie bezpečnostných zraniteľností. Jednu z tých zaujímavých dnes publikoval Matt Churchill. Ten si všimol, že Facebook v notifikačných emailoch zasiela rôzne údaje, [...]
+
SK-NIC náš každodenný27.04.10-03:55
So spoločnosťou SK-NIC a.s. prichádzame do kontaktu, priamo alebo nepriamo, praktický každý deň pri surfovaní po slovenskom internete. Len málokto pozná históriu a súčasný stav tejto spoločnosti, ktorá spravuje našu národnú doménu. Článok bol kvôli svojej rozsiahlosti rozdelený na dve časti: Analýza a názorový článok. Spoločnosť SK-NIC a.s. je dnes výhradným prevádzkovateľom doménového priestoru pre [...]

Root.cz

Root.cz - informace nejen ze světa Linuxu

+
KDE 4.8 Release party již tento pátek22.02.12-17:46
Již pozítří se uskuteční KDE 4.8 párty v Praze. Neváhejte přijít si popovídat o KDE ale i o Linuxu obecně. Vše začíná v pátek v pět hodin odpoledne v pražské pobočce SUSE. P.S.: Dort už dorazil ;-)
+
KDE možná zruší podporu pro staré grafické karty22.02.12-15:11
Martin Gräßlin, vedoucí vývojář projektu KWin, zvažuje na svém blogu zrušení podpory grafických karet, které umí jen OpenGL 1.x. Argumentuje tím, že všechny novější grafické karty a čipy zvládají OpenGL 2.0. Konkrétně karty ATI od roku 2002,...
+
Vyšel Red Hat Enterprise Linux 5.822.02.12-14:09
Red Hat vydal osmou aktualizaci své linuxové distribuce RHEL 5. Aktualizace přináší podporu nového hardware (hlavně sítě, grafické karty a storage), vylepšení virtualizace a novinky v oblasti bezpečnosti. Podrobnosti získáte v oficiálním...
+
Vyšel SystemRescueCd 2.5.022.02.12-13:21
François Dupoux oznámil vydání nové verze live distribuce SystemRescueCd, která je určena především pro administraci a opravu datových nosičů po havárii. Nová verze přináší novější jádro a ovladač NTFS-3G. Dále přidává nové verze utilit pro...
+
Zakladatel Megaupload propuštěn z vazby22.02.12-11:12
Němec Kim Schmitz alias Kim Dotcom, který je zakladatelem nedávno uzavřené služby Megaupload, byl propuštěn z novozélandské vazby. Soudce přitom upozornil také na fakt, že úřady zabavily Schmitzovi všechny peníze, takže nemůže opustit zemi. Ze...
+
Oracle seškrtal škody způsobené Androidem na pouhá 4 %22.02.12-11:10
Před rokem a půl společnost Oracle zažalovala Google za to, že v systému Android využívá technologie z prostředí Java, na které má Oracle patenty. Konkrétní patenty byly explicitně vyjmenovány a Oracle tím započal velké tažení za ochranu svého...
+
Ubuntu pro Android umožňuje běh na chytrých telefonech22.02.12-10:16
Společnost Canonical představila koncept Ubuntu pro Android, který umožňuje využít chytrý telefon jako desktopový počítač. Pokud svůj přístroj doma posadíte do dokovací stanice a připojíte k němu monitor, klávesnici a myš, získáte plně využitelný...
+
Vyšel Apache 2.4, útočí na pozice Nginx22.02.12-09:22
Vývojáři uvolnili novou verzi nejpoužívanějšího webového serveru Apache, označenou jako 2.4. Ta si za hlavní cíl stanovila nabídnout více výkonu. Vylepšuje proto caching, moduly proxy a také session control. Podle vývojářů jde o nejvýkonnější...
+
Přibývá DDoS útoků po IPv622.02.12-08:41
Nový síťový protokol IPv6 se teprve začíná pořádně rozšiřovat, ale přináší sebou řadu nových otázek, mezi kterými jsou i otázky bezpečnostní. Zatím se přes něj prakticky neútočilo, takže mnoho uživatelů i poskytovatelů pro šestku nemá správně...
+
Jak pomohl monitoring odhalit mezinárodní botnet Chuck Norris?22.02.12-07:53
Bezpečnost IT infrastruktury a počítačové sítě jsou dnes klíčové pojmy nejenom pro expertní CSIRT týmy. Stačí pro jejich dosažení nasadit firewall a IDS/IPS? Nebo je potřeba více? V přednášce na konferenci Trendy v internetové bezpečnosti se Petr...
+
Cinnamon je již ve verzi 1.321.02.12-16:03
Fork GNOME Shell, který se objevil koncem loňského roku, vyšel v pátek již ve verzi 1.3. Součástí oznámení o vydání je detailní recenze všech novinek doplněná množstvím screeshotů. Všechny součásti panelu jsou tvořeny formou apletů. Lze je tedy...
+
Vyšel PartedMagic 2012_2_1921.02.12-15:02
Patrick Verner oznámil vydání další stabilní verze známé záchranné distribuce PartedMagic 2012_2_19. Nalezneme zne nejnovější verze některých programů a samozřejmě bylo opraveno i pár nalezených chyb. Ze softwarového vybavení jmenujme například...
+
Redbot - programátorská soutěž pro studenty21.02.12-14:14
Na Developer Conference 2012 byla oznámena programátorská soutěž RedBot sponzorovaná společností Red Hat. Soutěž je pro 1 - 3 členné týmy studenů schopných přijít s chytrou strategií a funkční implementací v (téměř) libovolném programovacím či...
+
Mozilla zve na MozCamp CZ 201221.02.12-13:58
Na konci března se v Brně na půdě společnosti Red Hat uskuteční setkání nazvané MozCamp CZ 2012. Akce se koná 24. března od 15 hodin a její náplní budou přednášky a ukázky. Můžete se tak dozvědět novinky z projektu Mozilla, novinky ve Firebugu,...
+
Evropský soud: Sociální sítě nemůže nikdo nutit k filtrování obsahu21.02.12-12:41
Evropský soud rozhodl, že sociální sítě nemůže nikdo nutit k instalaci monitorovacích systémů zabraňujících stahování nelegálních kopii autorsky chráněného materiálu. Jinými slovy, boj proti pirátství nemůže být založen na tom, že sociální sítě...
+
Logo Windows 8 se vrací ke kořenům21.02.12-11:38
Společnost Microsoft v pátek oficiálně představila nové logo pro vydání Windows 8. Opustili design vlajky a vrátili se opět k rovným a přímým liniím znázorňující symbol okna. Vše má více zapadat do principů designového stylu Metro. V rámci...
+
RapidShare extrémně zpomalil stahování neplatícím uživatelům21.02.12-10:52
Jedním z nejznámějších serverů pro sdílení dat po internetu je bezesporu RapidShare. Ten však oznámil, že pro neregistrované uživatele snižuje rychlost stahování na průměrných 30 kb/s. Dále pozastavuje možnost pokračovat v přerušených stahování a...
+
Služba mojeID má už 50 000 uživatelů21.02.12-10:24
Službu mojeID si k dnešnímu dni založilo již více než 50 tisíc uživatelů internetu. Ti mohou své přihlašovací údaje použít na všech stránkách, na nichž naleznou ikony mojeID či OpenID. Přihlásit se zmíněnými identitami můžete i na Root.cz...
+
Proběhne setkání příznivců a tvůrců nezávislých her21.02.12-10:06
Se srazy příznivců a vývojářů her se poslední dobou doslova roztrhl pytel. Další setkání se bude konat 14. března od 19:00 v Praze v prostorách Prager Kabarettu (zastávka metra Vltavská). Organizátoři dle svých slov plánují zatáhnout do programu...
+
Google odpočítává čas do MWC 201221.02.12-09:15
Google spustil stránku s odpočtem času do začátku letošní konference MWC (Mobile World Congress). Ta se koná v termínu 27.2. - 1.3. ve španělské Barceloně. Očekává se představení nových technologií, novinky z oblasti Androidu, nové telefony,...
+
Má tištěná kniha na českém trhu ještě šanci?21.02.12-08:03
Před třemi měsíci spustil knižní distributor Kosmas prodej elektronických knih. O tom, jak jdou prodeje, jak to bude do budoucna s DRM, či zda mají tištěná kniha a kamenná knihkupectví u nás ještě šanci se udržet, mluvila, v rozhovoru pro náš...
+
Ubuntu 12.04 bude mít zapnutou podporu RC6 od Intelu20.02.12-16:30
Linuxové jádro neprožívá zrovna nejlepší momenty, pokud v současné době dojde řeč na spotřebu. Centrem dění je často architektura Sandy Bridge od firmy Intel, která sice usilovně pracuje na podpoře šetřící technologie RC6, ale zatím nejsou...
+
Wine 1.4 RC4 je poslední RC20.02.12-14:48
Vyšlo Wine 1.4 RC4, což je podle vývojářů poslední RC, které pro tuto verzi vyjde. RC4 neobsahuje žádné nové vlastnosti, protože kód byl zmražen a pouze se hledají a opravují chyby. Těch bylo v RC4 opraveno celkem 50 a kompletní seznam, včetně...
+
VLC 2.0 podporuje Blu-ray a nekreslí titulky do videa20.02.12-13:33
Vyšla nová verze populárního multimediálního přehrávače VLC s označením 2.0 Twoflower. Jde o majoritní vydání, takže od něj můžete čekat mnoho nového. Namátkou se jedná například o lepší podporu přehrávání na více jádrech včetně podpory...
+
Tématem únorového openMagazínu je kancelář20.02.12-13:16
V naší elektronické knihovně si můžete stáhnout únorové číslo elektronického měsíčníku openMagazín. Tématem měsíce je kancelář, a proto se například dozvíte, jak změnit výchozí vzhled šablony, nainstalovat elektronický podpis nebo využít offline...

Yenya's World

Linux and beyond - Yenya's blog.

+
Google Authenticator18.11.11-14:30
For some time, I have been considering adding two-factor authentication to my systems in order to prevent break-ins in case somebody's workstation is compromised (which is a common attack vector these days). One of the systems for one-time passwords is Google Authenticator. [... read more ...]
+
Dear Customer,03.10.11-10:20
[...] we would also like to inform you about the following change in your network: a new address has been assigned to you: 2001:4cc8:...::/64.[... read more ...]
+
Which Bike?18.07.11-14:26
The 30 years old frame of my bike broke several weeks ago, so I will need a new bike. We have already decided to buy a new bike for my wife, so I have took the frame of her present bike, and remounted some components of my former bike to it. So I don't need a new bike right now, and I have more time to decide what I want. [... read more ...]
+
High-Performance HTTP Servers15.06.11-09:34
Yesterday I have read about Apache Traffic Server. My dear lazyweb, do you use something like that (or Nginx)? What is your main reason for using it? I wonder why use user-space solution, when IPVS works pretty well for load balancing.
+
Citroën Xsara03.06.11-18:02
It has been seven years since I have bought my Citroën Xsara. At that time, I have considered several models, looking for an estate car for my family. Having used several Škoda Felicia cars in my previous job, I have definitely wanted a car from some other manufacturer. My opinion was "the car can have its problems, but at least let it be different problems than Škoda have". [... read more ...]
+
Mysterious Source Code24.05.11-15:15
About a month ago, I have spotted a two-page listing of source code in our printer room/kitchenette. I have glanced over it briefly, and during subsequent visits to the room, I became more and more fascinated by it. Finally, about a week ago, I have grabbed it for myself, because nobody seemed to care about it anymore. So here it is, in all its glory: [... read more ...]
+
Lost GUI features23.05.11-15:30
Contemporary GUI applications have several problems which, if I remember correctly, previous systems did not have. I wonder whether somebody else also considers it being a problem: [... read more ...]
+
GNOME 320.05.11-20:45
After installing Fedora 15 in a virtual machine, I have decided to give GNOME 3 a try. Firstly, it is really slow over VNC. While GNOME 2 has been pretty usable for testing various new applications in a virtual machine, under GNOME 3 it is almost impossible. Here is a screenshot on which I will demonstrate my problems with GNOME 3: [... read more ...]
+
Rethinking Cron03.05.11-15:41
cron(8) is one of the oldest tools in UNIX. Despite of that, I think cron is not something to be proud of. In my opinion, it falls to the unfixable designs category. The recent attempts to fix it (factoring out atd(8), a dirty hack that is anacron(8), etc.) show some of the problems of cron. My recent experience confirms it: [... read more ...]
+
git-diff(1) Dark Color Scheme01.04.11-14:27
The default colored output of git-diff(1) and other commands is a bit ugly in my terminal with dark (green-on-black) color scheme. Here is how to fix it: [... read more ...]
+
man(1) Surprise25.03.11-09:46
Hello, this is your editor speaking, welcome to the "lesser known Linux feature of the day" series. Today we will cover an interesting feature of man(1) that your editor has just ran into. Try running the following command: [... read more ...]
+
XFCE23.03.11-18:09
The first alternative to GNOME I have decided to try is XFCE. In the LWN discussion, Jon Masters presented it as a viable replacement to GNOME. Also, it uses GTK+ like GNOME, so many applications can be the same (including, I have hoped, my window manager of choice, Sawfish. XFCE is definitely usable and configurable for power-user. Most (but not all) properties can also be set using their Settings manager, and thus XFCE should also be mostly usable for ordinary users. So far the problems include: [... read more ...]
+
GNOME in the Shell22.03.11-23:50
Yesterday, after reading The Grumpy Editor's GNOME 3 experience article at LWN, I have decided it is time to at least make an attempt to move away from GNOME, which (much like KDE 4) decided to use revolutionary instead of evolutionary development, and apparently continues in their feature removal crusade in the name of so called usability. Also, this might be a good chance to move away from Galeon after so many years. [... read more ...]
+
New Odysseus09.03.11-10:45
We have got a new hardware for our FTP server to replace our seven years old server. It is amazing how the old hardware is still in many aspects on par with state-of-the-art "average workstations". The old system had 12 GB of RAM, 8 TB of disks, and dual GbE. It was one of the first 64-bit x86 systems here at Faculty of Informatics. So, which principal improvements in server hardware the last seven years brought (apart from speed, of course)? [... read more ...]
+
Is My Teaching Getting Bad?31.01.11-15:04
The results of the final exam of the UNIX - Programming and System Administration I course make me wonder whether I am getting gradually dumb or bad at teaching. [... read more ...]

Zdroják

Zdroják - tvorba webových stránek a aplikací

+
Architektura aplikace nad Doctrine 223.02.12-00:00
O Doctrine 2 je na webu dostatek informací - i na Zdrojáku je poměrně podrobně popsáno, jak Doctrine používat, jak s ním pracovat a jak v něm psát i složitější úlohy. Tento článek ukáže nikoli samotný ORM, ale aplikaci, která jej používá, a možné problémy, na které při vývoji narazíte.
+
Jdu hacknout váš server... díl 320.02.12-00:00
Naposledy jsem na cílovém serveru získal omezený přístup přes PHP shell. Pro připomenutí - jedná se o krátký skript, který přes exec/passthru pouští příkazy, které mu zadáme pomocí GET nebo POST požadavku. Na server jsem ho v tomto příkladu dostal přes SQL injection, další možností mohlo být třeba nesprávně ošetřené nahrávání souborů.
+
Slovo šéfredaktora17.02.12-00:00
Některé články se píšou skoro samy, slova se sypou od ruky do textového editoru a člověk má problém s tím sledovat běh svých myšlenek. Jiné se píšou těžko, hledáte každé slovo, zvažujete, a text se rodí pomalu a ztěžka. A pak jsou články, jako tento, kde se slova sice sypou sama, ale přesto se nepíšou lehce.
+
Dotýkejte se, prosím, na více místech15.02.12-00:00
V předchozích dvou článcích jsme si ukazovali, jak lze obsloužit dotyková gesta a jak zpracovat jednotlivé body dotyku. Naznačili jsme si strukturu informací, které má aplikace k dispozici. V posledním pokračování si ukážeme, jak je využít pro sledování dotyků více prsty.
+
Jdu hacknout váš server... díl 213.02.12-00:00
V minulém díle jsem na cílovém serveru objevil bezpečnostní trhlinu (SQL injection) a připravil jsme si další postup. Nyní si z databáze konečně něco vypíšu - rozhodně seznam uživatelů (a hesla, pravděpodobně zahashovaná), s trochou štěstí systémové soubory. Prozatím ale skromně začnu zjištěním metadat: verze a typ databáze a názvy důležitých tabulek a sloupců.
+
Integrované systémy pro správu kódu08.02.12-00:00
Pro správu změn ve zdrojovém kódu se používají verzovací systémy. V reálné praxi bývá nutné je integrovat s dalšími nástroji pro ostatní části životního cyklu aplikací - nejčastěji se správou požadavků, bugů a úkolů, velmi často s automatickými nástroji pro vytváření buildů, někdy i se správou testovacích případů a testů.
+
Jdu hacknout váš server... díl 106.02.12-00:00
Jsem hacker a chci váš server. Přečtěte si, jak postupuji, čeho se snažím vyvarovat a jak mě naopak můžete odhalit. Možná jsem se přes bezpečnostní díru ve formuláři dostal na vaše SSH. Jako root. Nebo jenom k celé databázi, to přes sql injekce. Dnes začnu přípravou průniku. Pojďte mi nakouknout přes rameno.
+
Zlepšite svoje jQuery - OOP, menné priestory, pub-sub01.02.12-00:00
Denne využívam JS framework jQuery k svojej práci. Napriek nepopierateľným výhodám, ktoré tento framework do života webdevelopera prináša, nepredstavuje klasická štruktúra jQuery kódu ideálny spôsob písania väčšieho projektu. V tomto screencaste vám chcem predstaviť odlišnú štruktúru JS aplikácie, ktorá vám umožní ,,vyrásť".
+
KISS v praxi: polibek pro blog30.01.12-00:00
Strategii KISS, tedy ,,udržovat při vývoji věci jednoduché a malé, jak to jen jde", lze použít i v tak jednoduchých případech, jakým je osobní weblog. Nikde není psáno, že weblog rovná se nutně, vždy a nevyhnutelně WordPress (nebo podobný CMS), který je všechno jiné, jen ne ,,KISS". Jak by tedy mohl vypadat ,,minimalistický weblog"?
+
Má si hloupý uživatel koupit chytrý telefon?27.01.12-00:00
Chytrému telefonu jsem se dlouhou dobu bránil. Zastávám názor, že mobil by neměl být chytřejší než jeho uživatel a nebyl jsem si zcela jistý, zda bych to v případě smartphonu sám splňoval. A tak jsem halasil, že telefonování, SMSky a 640 kb paměti přece stačí každému a Hada nebo Tetris si můžu zahrát i na svém letitém černobílém pitomofonu.

abclinuxu - čerstvé zprávičky

Seznam čerstvých zpráviček na portálu www.abclinuxu.cz

+
Flash a Linux01.01.70-01:00
Phoronix upozorňuje na chystané změny v podpoře Flashe na Linuxu. Adobe se spojilo s Googlem, z čehož vzešlo nové multiplatformní API pro doplňky webových prohlížečů PPAPI. Budoucí verze Flash pluginu pro Linux budou podporovat pouze toto API. Ze současných prohlížečů je však podpora pouze v Google Chrome. Adobe bude nadále udržovat aktuální řadu Flashe 11.2 se starým NPAPI po dobu pěti let a navíc k tomu přidá debug verzi a aktualizovanou specifikaci, což by snad mohlo pomoci svobodným implementacím Gnash a Lightspark.
+
KWin a postarší hardware01.01.70-01:00
Martin Gräßlin se v zápisku Cena za podporu starého hardwaru zamýšlí nad stavem, kdy se od FLOSS světa očekává, že bude podporovat všemožný zastaralý hardware, a tím jaké problémy to přináší. Z hlediska KWinu jde zejména o hardware podporující pouze OpenGL 1.x nebo nepodporující NPOT textury. Jednou stránkou je problém se sháněním či zapojováním starého hardwaru do nové sestavy kvůli testování, či omezení vývoje na staré sestavě. Druhou je pak údržba OpenGL 1.x a XRender backendu v KWinu a zvýšená komplexita, kterou tento kód způsobuje. Do budoucna se pak rýsují problémy s Qt 5 a Waylandem. Problém při odstranění OpenGL 1.x podpory však nastane s morálně zastaralým ale ne až starým Intel hardwarem a s Catalyst ovladači, které i pro moderní hardware používají ke kompozici nepřímé vykreslování a OpenGL 1.x. Zajímavým řešením může být podle Martina softwarový LLVM ovladač, jenž odstraní nutnost mít moderní grafický hardware. Pokud se tato cesta ukáže jako dostatečně výkoná, bude Martin zahození OpenGL 1.x kódu nakloněn.
+
Linux 3.2.7 a 3.0.2201.01.70-01:00
Vyšel Linux 3.2.7 a 3.0.22. Vzhledem k tomu, že obsahují řadu důležitých oprav, vyzývá Greg K-H všechny uživatele k aktualizaci.
+
FlightGear 2.6.001.01.70-01:00
Po půl roce vyšla nová verze leteckého simulátoru FlightGear 2.6.0. Zařazeno bylo ozvučení AI a MP modelů, pohyb mraků s větrem, pěna na vlnách ve větru, nový systém pro replay a mnoho dalšího.
+
Redbot - programátorská soutěž pro studenty01.01.70-01:00
Na Developer Conference 2012 byla oznámena programátorská soutěž RedBot sponzorovaná společností Red Hat. Soutěž je pro 1 - 3 členné týmy studenů schopných přijít s chytrou strategií a funkční implementací v (téměř) libovolném programovacím či skriptovacím jazyce.
+
Hlavní téma kancelář - to je únorový openMagazin01.01.70-01:00
Jak nainstalovat elektronický podpis? Chcete změnit výchozí šablonu v OpenOffice.org | LibreOffice? To vše se dozvíte ve vycházejícím únorovém openMagazinu, který má téma kancelář a můžete si ho stáhnout. Dále si v rozsáhlém testu přečtete srovnání vlastností kancelářských balíků Microsoft Office, OpenOffice.org a LibreOffice. Pokud vám chybí funkce nebo vlastnost v OpenOffice.org | LibreOffice, článek o rozšířeních vám nabídne jejich širokou škálu. Souhrnný článek vám napoví, jak vybrat šikovný a rychlý dvoupanelový správce souborů. V čísle najdete pojednání o tom, proč je open source a Linux vhodný pro školy, firmy, ale i úředníky velkých měst, jako jsou Helsinki.
+
Cinnamon 1.301.01.70-01:00
Clement Lefebvre vydal Cinnamon 1.3. Nastavovací dialog Cinnamon Settings nyní obsahuje nástroje pro editaci oken, fontů, ikon, gtk motivů a dalších vlastností prostředí. Užitečných změn doznal panel. Veškerý jeho obsah nyní tvoří aplety, které mohou být libovolně přesunovány pomocí drag & drop. Vývojáři doplňků byli vyzváni, aby nadále rozšiřovali funkčnost panelu výhradně pomocí apletů. Rozšíření (extensions) jako taková by měly být směrovány mimo panel. O Cinnamonu vyšel na AbcLinuxu článek.
+
Oracle prodloužil životnost Javy 601.01.70-01:00
Oracle odsunul ohlášený "end of life" Javy SE 6 a JDK 6. Původní datum pro ukončení podpory bylo stanoveno na červenec 2012, nyní ale bylo odsunuto až na listopad. Pozměněny byly také pravidla pro ukončení podpory neboli "End Of Life Policy".
+
Projekt Debian zveřejnil svůj postoj k softwarovým patentům01.01.70-01:00
Projekt Debian zveřejnil své programové prohlášení týkající se postoje projektu k softwarovým patentům. Stojí v něm, že projekt nebude vědomě šířit software zatížený patenty a že nebude přijímat licence nekompatibilní se společenskou smlouvou komunity svobodného softwaru. Dále se v prohlášení píše například to, že patenty představují riziko pro celou společnost.
+
The Document Foundation oficiálně uznána01.01.70-01:00
The Document Foundation, organizace zaštiťující vývoj LibreOffice, byla v Německu oficiálně zaregistrována a uznána jako nadace s dlouhodobým záměrem a nezávislým financováním. Právník Michael Schinagl k tomu řekl, že vytvoření nadace garantující aktivním přispěvatelům tak silná práva, je ve světě svobodného softwaru něčím unikátním.

Security Tool Files ≈ Packet Storm

Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers

+
Red Hat Security Advisory 2012-0324-0122.02.12-03:11
Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
+
Nmap Iptables Shell Script21.02.12-13:12
This is a shell script that launches iptables to add rules that will flag various types of nmap scans.
+
1337 Multiple CMS Scanner Online18.02.12-17:13
This tool is a php script that assists in finding vulnerable components in multiple CMS systems.
+
360-FAAR Firewall Analysis Audit And Repair 0.1.318.02.12-17:02
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
+
Multi Threaded TCP Port Scanner 4.018.02.12-04:19
This is a basic TCP SYN scanner that is multi-threaded.
+
Hydra Network Logon Cracker 7.216.02.12-04:50
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
+
360-FAAR Firewall Analysis Audit And Repair15.02.12-18:22
360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
+
AdSuck DNS Server 2.4.214.02.12-01:44
Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
+
Bluelog Bluetooth Scanner/Logger 1.0.213.02.12-03:36
Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
+
Codetective Analysis Tool12.02.12-17:37
Codetective is a simple tool to determine the crypto/encoding algorithm used according to traces of its representation. Written in Python.
+
Creepy Geolocation Gathering Tool 0.1.9510.02.12-23:09
creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.
+
Haveged 1.408.02.12-23:29
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
+
trixd00r 0.0.108.02.12-23:19
trixd00r is an advanced and invisible userland backdoor based on TCP/IP for UNIX systems. It consists of a server and a client. The server sits and waits for magic packets using a sniffer. If a magic packet arrives, it will bind a shell over TCP or UDP on the given port or connecting back to the client again over TCP or UDP. The client is used to send magic packets to trigger the server and get a shell.
+
Viper FakeUpdate Script08.02.12-23:12
This is a simple script to spawn dns spoofing, arp spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
+
Fake POP3 Daemon08.02.12-00:17
This is a compact fake pop3 daemon that logs password attacks.
+
Another File Integrity Checker 2.2008.02.12-00:12
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
+
Whitewash 2.008.02.12-00:08
The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
+
IP-Link 0.206.02.12-12:11
The goal of IP-Link is to show the relationships between different IP addresses from network traffic capture, thus quickly determining for a given address the IP address with which it communicates the most.
+
Viper Network Sniffer Script05.02.12-01:44
This is a bash script to use in conjunction with Backtrack that simplifies the spawning of various sniffers.
+
Port Tester 0.104.02.12-00:37
This is a simple little port scanning script written in python.
+
Dradis Information Sharing Tool 2.9.003.02.12-03:53
dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts.
+
WeBaCoo (Web Backdoor Cookie) 0.2.202.02.12-03:03
WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
+
Bluelog Bluetooth Scanner/Logger 1.0.101.02.12-04:49
Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
+
GNU Privacy Guard 1.4.1201.02.12-04:23
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
+
PgSql Brute Force31.01.12-13:13
This is a small application built to demo the weakness in pgsql and networking. It is capable of running login attempts from multiple threads in parallel and can run up to 1024 concurrent connections.

Will Hack For SUSHI

Hacking and Defending Wireless

+
Things I Wish Amazon.com Didn’t Tell Me01.01.70-01:00
+
The Changing Wireless Attack Landscape01.01.70-01:00
+
Pen Test Perfect Storm 6: We Love Cisco!01.01.70-01:00
+
ISACA Review: Hacking Exposed Wireless 2nd Edition01.01.70-01:00
+
Packet Capture Payload Assessment01.01.70-01:00
+
GIAC GAWN Ethical Hacking Wireless Testing Aid01.01.70-01:00
+
Reflections on “hole196″01.01.70-01:00
+
Evading IPS/IDS with TCP Checksum Forgery01.01.70-01:00
+
FaceTime Protocol Analysis01.01.70-01:00
+
WiMAX Network Scanning Work-in-Progress01.01.70-01:00

Sorry, no items found in the RSS file :-(

Root.cz

Root.cz - informace nejen ze světa Linuxu

+
openMagazin 2/201201.01.70-01:00
Tématem měsíce je kancelář, a proto se například dozvíte, jak změnit výchozí vzhled šablony, nainstalovat elektronický podpis nebo využít offline slovníky. V rozsáhlém testu přináší srovnání vlastností kancelářských balíků Microsoft Office,...
+
Dohoda ACTA česky01.01.70-01:00
Kompletní znění mezinárodní dohody proti padělatelství (ACTA) v češtině.
+
openMagazin 1/201201.01.70-01:00
Přišel leden nového roku a s ním radikální změny ve vzhledu a členění openMagazinu. Svět open source se mění a my se měníme s ním. Zásah se týká celého časopisu a my věříme, že se vám budou změny líbit. Ostatně, přesvědčte se sami. Ty...
+
Internetový protokol IPv6 (třetí vydání)01.01.70-01:00
IPv6 se má stát nástupcem současného IPv4, základního protokolu sítě Internet. Má vyřešit především akutní nedostatek adres, ale přináší i řadu dalších zajímavých vlastností. V knize se podrobně seznámíte?s vlastnostmi základního protokolu i jeho...
+
openMagazin 12/201101.01.70-01:00
Zahrajete si občas nějakou hru? Téma prosincového openMagazinu je o hrách a hraní; vybrali jsme pro vás několik deskových, simulačních a najde se i strategická. Známé hry např. šachy, mlýn, go, piškvorky, nesmí chybět. Ale některé jsou už méně...
+
openMagazin 11/201101.01.70-01:00
Myslíte si, že jen placený software je ten pravý a nedá se ničím nahradit? Ale nemáte dostatek prostředků ve firmě, škole, domácnosti nebo organizaci na to, abyste platili a platili? Toto číslo openMagazinu vám ukáže cestu, jak ušetřit nemalé...
+
openMagazin 10/201101.01.70-01:00
S novým číslem openMagazinu přichází i změny k lepšímu. Nadále se bude vycházející číslo krýt s číslem měsíce. Znamená to, že např. začátkem října bude vycházet číslo 10. Další změna je, že každé číslo bude tématicky zaměřené. Věříme, že vám...
+
openMagazin červenec 201101.01.70-01:00
Na závěr prázdnin pro vás máme oddychové číslo openMagazinu, které pro vás exkluzivně přináší pár článků, které byly psány jen a jen pro něj. Jeden z článků, které byly psány přímo pro openMagazin a nikde jinde ho nenajdete, je o programu Graph...
+
openMagazin červen 201101.01.70-01:00
Od červnového openMagazinu bude mít každé číslo přibližně 50 stran a bude kratší. Chceme zvýšit kvalitu, a proto pečlivěji vybíráme články. Omezením počtu stránek se vyhneme i bobtnání velikosti souboru.
+
FreeBSD 8.2 handbook01.01.70-01:00
Kompletní oficiální příručka k operačnímu systému FreeBSD pro verzi 7.4-RELEASE a 82-RELEASE. Zabývá se instalací, konfigurací, provozem a správou tohoto univerzálního operačního systému.

Blogy a názory: Václav Žák

+
Přímá volba prezidenta - aneb o cestě ke dnu10.02.12-09:42
psáno pro čro6
+
Polský politik v Berlíně prosím čtěte pozorně02.01.12-21:08
Projev ministra zahraničních věcí Radosława Sikorského přednesený 28. listopadu 2011 v Berlíně.
+
Tomáš Němeček Uhlobaroní bez koruny18.11.11-21:30
Starší článek z Respektu (2004), aby pan ministr Kalousek pochopil, co může republice scházet
převzato ze serveru cs-magazin.com
+
Další angažmá Václava Klause21.10.11-23:55
Psáno pro ČRo6
+
Řeč Evropana12.10.11-23:21
Z parlamentního vystoupení Jána Figeľa, předsedy KDH, ve Slovenské národní radě při projednávání ratifikace posílení EFSF.
Obávám se, že jsem takovou řeč od českého politika neslyšel
+
Babiš o korupci11.10.11-06:35
Psáno pro ČRo6
+
Skutečně církevní majetek?05.10.11-14:03
Psáno pro ČRo6
+
Proč se Alexandra Alvarová mýlí20.08.11-03:23
Zvládáme svou minulost?
+
Klaus v Austrálii27.07.11-01:21
psáno v reakci na blog Krištofa Baláka
+
Vstup Chorvatska do EU - test české demokracie21.07.11-21:44
Psáno pro ČRo6
+
Umíte to vysvětlit aneb o bonmotech ze zlata27.06.11-21:46
Psáno pro ČRo6
+
Po stávce, nebo před stávkou?24.06.11-16:21
Psáno pro ČRo6
+
Jak je to s právem na politickou stávku?15.06.11-23:57
Psáno pro ČRo6
+
Jak má vlastně fungovat stát s tržní ekonomikou?29.05.11-21:07
Psáno pro ČRo6
+
Jeden krok dopředu a pak dva zpátky - aneb čs. pokus o otevřenou společnost16.05.11-13:38
Článek z roku 1992
Vyšel v časopise REPORTÉR
Co bylo možné vidět už v roce 1992?
+
Důvěra ve psí13.05.11-21:13
Psáno pro ČRo6
+
Demokracie ve cvokhauzu II27.04.11-19:29
Psáno pro Aktuálně.cz
+
Demokracie ve cvokhausu20.04.11-20:54
Psáno pro ČRo6
+
O potřebě jasnovidectví12.04.11-16:47
Psáno pro ČRo6
+
O jedné bouřlivé diskusi v Poslanecké sněmovně31.03.11-23:33
Psáno pro ČRo6

Adaptive Mind

Člověk jest tvor přizpůsobivý...

+
Google Analytics with jQuery14.08.11-23:08
]]>
+
Zero Results Search Terms in Google Analytics (async edition)14.06.11-20:14
]]>
+
Hřích sedmý - Smilstvo18.04.11-12:01
]]>
+
Hřích šestý - Obžerství11.04.11-09:51
]]>
+
Hřích pátý - Závist18.03.11-16:13
]]>
+
Hřích čtvrtý - Hněv09.03.11-09:04
]]>
+
Hřích třetí - Lenost01.03.11-09:10
]]>
+
Hřích druhý - Lakomství24.02.11-08:52
]]>
+
Hřích první - Pýcha22.02.11-10:08
]]>
+
Sedm smrtelných hříchů UX designéra - Úvod20.02.11-12:04
]]>

My SecTools

The MySecTools idea was born when a user sent an email to the handlers at the SANS Internet Storm Center , where I am a volunteer handler, asking about an updated version of Sectools.org, which is a great website. I decided to create this site with my preferred Security tools, which will be in different sections, like Malware Analysis tools, Network tools,etc... The tools are in alphabetical order but the updates will be in the first place in the the section. And, of course, if you want to suggest a tool, just send me an email @ pbueno//@//Gmail! You can also follow me on twitter for updates: twitter.com/besecure *I removed the menu for mobile users, until I get a better one with no scripts.

+
Online Tools31.01.11-08:22
The online tools contains an updated list of online resources that can be used to help determine when a file is malicious or if website contains suspicious activity.

Anubis - "Anubis is a service for analyzing malware."
http://anubis.iseclab.org/

Bitblaze -Online Unpacker
https://aerie.cs.berkeley.edu/submitsample.php

Eureka - Sandbox
http://eureka.cyber-ta.org/

Comodo - "If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings."
http://camas.comodo.com/

Ether - "Malware Analysis via Hardware Virtualization Extensions"
http://ether.gtisc.gatech.edu/web_unpack/

IPVoid - "...allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content."
http://www.ipvoid.com

Joebox - Sandbox
http://www.joebox.org/samples.php

JSUnpack Online - Online version of the stand-alone tool jsunpack
http://jsunpack.jeek.org/dec/go

McAfee SiteAdvisor - "We test websites for spyware, spam and scams so you can search, surf and shop more safely."
http://www.siteadvisor.com

Norman SandBox - "Free uploads of program files that you suspect are malicious or infected by malicious components, and instant analysis by Norman SandBox. The result is also sent you by email."
http://www.norman.com/security_center/security_tools/submit_file/

PDF Analyzer - "View PDF objects as hex/text, PDF dissector and inspector, scan for known exploits"
http://www.malwaretracker.com/pdf.php

Sunbelt CWSandbox - "CWSandbox is an approach to automatically analyze malware which is based on behavior analysis: malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored."
http://mwanalysis.org/

ThreatExpert - "ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode."
http://www.threatexpert.com/submit.aspx

URLVoid - "allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites."
http://www.urlvoid.com/

VirusTotal - Send a file and see the detection according the AV vendors.
http://www.virustotal.com\

Wepawet - "Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files."
http://wepawet.iseclab.org/
+
Forensics /Network Forensics Tools30.11.10-08:22
This list of Forensics/Network Forensics tools contains some of the tools that can be used to extract valuable info from the system or from network capture files (usually pcap files). Imagine getting a large pcap file and you need to extract all emails form there? Or Extract all jpegs? These tools can definitely help.

DateDecoder - "A command line tool used to decode various date/time stamps from their encoded format to human readable format."
http://www.live-forensics.com/dl/DateDecoder.zip

Draugr - "Live memory forensics (Linux (symbols, process))"
http://www.esiea-recherche.eu/~desnos/draugr/draugr.tar.gz

EchoMirage - "Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified."
http://www.bindshell.net/tools/echomirage

Foremost - "Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery."
http://foremost.sourceforge.net/

Forensics ToolKit - "The Forensic ToolKit(TM) contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity."
http://www.foundstone.com/us/resources/proddesc/forensictoolkit.htm

HexReader - "Reads hexoffsets from files, is primary used to then send output to datedecoder."
http://www.live-forensics.com/dl/HexReader.zip

Hfsexplorer - "HFSExplorer is an application that can read Mac-formatted hard disks and disk images.
It can read the file systems HFS (Mac OS Standard), HFS+ (Mac OS Extended) and HFSX (Mac OS Extended with case sensitive file names)."
http://hem.bredband.net/catacombae/hfsx.html
http://www.macosxforensics.com/Downloads/Downloads.html

JSUnpack - "...it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs."
http://jsunpack.jeek.org/jsunpack-n.tgz

Memoryze - "Memoryze is designed to aid in memory analysis in incident response scenarios. However, it has many useful features that can be utilized when doing malware analysis. Memoryze is special in that it does not rely on API calls. Instead Memoryze parses the operating systems' internal structures to determine for itself what the operating system and its running processes and drivers are doing."
http://www.mandiant.com/products/free_software/memoryze/

NetworkMiner - "The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network."
http://networkminer.sourceforge.net/

PCAP Forensic Tool - "This tool as of now, hosts the following features:-Packet Summary,DNS Summary,Stream Summary,List files within stream (magic bytes),List files within archives in streams(ZIP and TAR),Extract files based on magic type, Look within ZIP and TAR archives for file type to extract,GZIP Decompression for files and archives, Extraction Summary..."
http://malforge.com/node/30

RecycleReader - "Reads XP, Vista and 7 INFO2 files"
http://www.live-forensics.com/dl/RecycleReader.zip

SleuthKit - "The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data."
http://www.sleuthkit.org/

Skipfish - "A fully automated, active web application security reconnaissance tool."
http://code.google.com/p/skipfish/

SQLiX - "SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL)."
http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project

Xplico - "The goal of Xplico is extract from an internet traffic capture the applications data contained."
http://www.xplico.org

Xtractr - "xtractr is a hybrid cloud application for indexing, searching, reporting, extracting and collaborating on pcaps. "
http://www.pcapr.net/xtractr
+
Malware Analysis Tools30.11.10-08:19
This non-comprehensive list of tools are some of the ones that I use most often. I also included some that may be used as additional resources that may make some tasks easier.

Ariad - "Ariad started as a tool to prevent inserted USB sticks from executing code."
http://blog.didierstevens.com/programs/ariad/

Autorun Manager - ""OSAM" provides an easy one-click way of obtaining detailed information about the components that are run automatically at the system start and can potentially affect its operation."
http://www.online-solutions.ru/en/products/osam-autorun-manager.html

BinText - "A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode"
http://www.foundstone.com/us/resources/proddesc/bintext.htm

Capture-BAT - "Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents, which provides an analyst with insights on how the software operates even if no source code is available."
https://www.honeynet.org/node/315

DLLInject - "DLLInject is a simple command-line utility for loading a DLL into a target process's address space, by using the CreateRemoteThread API to execute LoadLibraryA."
http://research.eeye.com/html/tools/RT20060801-6.html

Fiddler - "Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet."
http://www.fiddler2.com

FileAlyzer - "FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE)."
http://www.safer-networking.org/en/filealyzer/index.html

F-Secure BlackLight - "F-Secure BlackLight is a tool that detects files, folders and processes hidden from the user and other programs.
BlackLight is also able to remove hidden malware by renaming them."
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe

GMER - http://www.gmer.net/

Helios - "Helios is an advanced malware detection system has been designed to detect, remove and innoculate against modern rootkits. What makes it different from conventional antivirus / antispyware products is that it does not rely on a database of known signatures."
http://helios.miel-labs.com/

HijackThis - "Scan your computer to find settings changed by spyware, malware or other unwanted programs. Trend Micro HijackThis generates an in-depth report to enable you to analyze and fix your infected computer"
http://free.antivirus.com/hijackthis/

IceSword - "IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show."
http://www.antirootkit.com/software/IceSword.htm

JSUnpack - "The main difference is that it is a completely passive JavaScript decoder to perform Intrusion Detection, by processing network traffic (either an interface or pcap file), rather than URLs."
http://jsunpack.jeek.org/jsunpack-n.tgz

LordPE - "LordPE is a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit,..."
http://www.woodmann.com/collaborative/tools/images/Bin_LordPE_2007-10-21_1.48_LordPE_1.41_Deluxe_b.zip

Malcode Analyst Pack - "The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis. "
http://labs.idefense.com/software/download/?downloadID=8

Malzilla - ""Web pages that contain exploits often use a series of redirects and obfuscated code to make it more difficult for somebody to follow. MalZilla is a useful program for use in exploring malicious pages. It allows you to choose your own user agent and referrer, and has the ability to use proxies. It shows you the full source of webpages and all the HTTP headers. It gives you various decoders to try and deobfuscate javascript aswell."
http://malzilla.sourceforge.net/

McAfee FileInsight - "FileInsight is a handy integrated tool environment for web site and file analysis. Hex editing, syntax highlighting, and it comes with several built-in decoders, built-in calculator, a disassembler, JavaScript scripting support, a Python-based plugin system and many more."
http://download.nai.com/products/mcafee-avert/fileinsight.zip

McAfee Rootkit Detective - "McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system."
http://vil.nai.com/vil/stinger/rkstinger.aspx

McAfee Stinger - "Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations." http://vil.nai.com/vil/stinger/

MS Sysinternals Tools - Specially Process Explorer, TCPView and Strings.
http://technet.microsoft.com/en-us/sysinternals/default.aspx

Ollydbg - "OllyDbg is a 32-bit assembler level analysing debugger for Microsoft(R) Windows(R). Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable."
http://www.ollydbg.de/

OllyDbg Plugins - http://www.openrce.org/downloads/browse/OllyDbg_Plugins

PEiD - "PEiD detects most common packers, cryptors and compilers for PE files. "
http://www.peid.info/

PEInfo - "PEInfo is a program for a detailed analysis of the 32-bit EXE, DLL, OCX, BPL files and other produced according to Portable Executable File Format specification."
http://www.pazera-software.com/products/peinfo/

ProcessHacker - "Process Hacker is a feature-packed tool for manipulating processes and services on your computer."
http://processhacker.sourceforge.net/

Regshot - "Regshot is an open-source(GPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product."
http://sourceforge.net/projects/regshot/

RootkitRevealer - "RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit."
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Rootkit UnHooker - http://www.antirootkit.com/software/RootKit-Unhooker.htm

SpiderMonkey - "SpiderMonkey is the code-name for the Mozilla's C implementation of JavaScript."
http://www.mozilla.org/js/spidermonkey/

SpiderMonkey - DidierStevens Version - "My SpiderMonkey is a modified version of Mozilla's C implementation of JavaScript, with some extra functions to help with malware analysis."
http://blog.didierstevens.com/programs/spidermonkey/

SysAnalyzer - "SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. "
http://labs.idefense.com/software/download/?downloadID=15

User mode Process Dumper - "The User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes"
http://download.microsoft.com/download/8/c/d/8cde0b73-d917-4130-9027-b3fa5b37467c/UserModeProcessDumper8_1_2929_5.exe

WinApiOverride32 - "WinAPIOverride32 is an advanced api monitoring software.
You can monitor and/or override any function of a process.
This can be done for API functions or executable internal functions."
http://jacquelin.potier.free.fr/winapioverride32/

XueTr - Chinese Anti-Rootkit tool
http://xuetr.com/download/XueTr.zip
+
Malicious Document Analysis Tools24.05.10-08:20
The Malicious Document Analysis section contains tools that will definitely turn the task to analyze and determine if one document (Microsoft Office or PDF) is malicious or not and even extract the malicious code from there.

iScanner - "iScanner is a free open source tool lets you detect and remove malicious codes and web pages malwares from your website easily and automatically."
http://iscanner.isecur1ty.org/

SWFScan - "HP SWFScan, a free tool developed by HP Web Security Research Group, will automatically find security vulnerabilities in applications built on the Flash platform."
www.hp.com/go/swfscan

SWFTools - "SWFTools is a collection of utilities for working with Adobe Flash files (SWF files). "
http://www.swftools.org/

OfficeCat - "OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file."
http://www.snort.org/vrt/vrt-resources/officecat

OfficeMalScanner - "OfficeMalScanner v0.5 is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams"
http://reconstructer.org/code/OfficeMalScanner.zip

Offviz - "...about detecting malicious docs but we wanted to do more to help defenders. So earlier this year we started working on an Office Visualization Tool called "OffVis"."
http://go.microsoft.com/fwlink/?LinkId=158791

PDF ID - "PDFiD will scan a PDF document for a given list of strings and count the occurrences"
http://www.didierstevens.com/files/software/pdfid_v0_0_10.zip

PDF Parser - "This tool will parse a PDF document to identify the fundamental elements used in the analyzed file. "
http://www.didierstevens.com/files/software/pdf-parser_V0_3_7.zip

PDF Structazer - "This tool enables to analyze PDF documents at the PDF code level and to manipulate every single PDF object in the document."
http://www.esiea-recherche.eu/data/PDF%20Structazer.exe

PDF Toolkit - "If PDF is electronic paper, then pdftk is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses."
http://www.accesspdf.com/pdftk/

PDF Inflater - "PDF_streams_inflater is a tool for extracting and decompressing zlib compressed streams from PDF documents."
Mac Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=7&lid=27
Linux Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=5&lid=26
Windows Version:
http://www.mc-antivirus-test.com/modules/PDdownloads/singlefile.php?cid=6&lid=25
+
Firefox Security Extensions02.05.10-17:03
Web Developer Toolbar - "The Web Developer extension adds a menu and a toolbar with various web developer tools. "
https://addons.mozilla.org/en-US/firefox/addon/60

XSS me - "XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities. "
https://addons.mozilla.org/en-US/firefox/addon/7598

No Script - "Allow active content to run only from sites you trust,and protect yourself against XSS and Clickjacking attacks."
https://addons.mozilla.org/en-US/firefox/addon/722

SQLinject me, "SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities. "
https://addons.mozilla.org/en-US/firefox/addon/7597

Hackbar, "Simple security audit / Penetration test tool. " -
https://addons.mozilla.org/en-US/firefox/addon/3899

Tamper data, "Use tamperdata to view and modify HTTP/HTTPS headers and post parameters... " -
https://addons.mozilla.org/en-US/firefox/addon/966

Force TLS, "Force-TLS allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites."
https://addons.mozilla.org/en-US/firefox/addon/12714

Show Ip - https://addons.mozilla.org/en-US/firefox/addon/590 "Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right mouse button) and
hostname (left mouse button), like whois, netcraft."

SiteAdvisor - "SiteAdvisor software adds safety ratings to your browser and search engine results."
http://sadownload.mcafee.com/products/SA/IE/upgrade/3.0.1/website/saSetup3.0.1.165.exe

FireShark - "Fireshark is a tool, made up of a Firefox plugin and a set of postprocessing scripts that allows you to capture web traffic from the core of your web browser, enabling you to log events and download content to disk for post-process analysis. "
http://fireshark.org/#download

GreaseMonkey - "Allows you to customize the way a webpage displays using small bits of JavaScript. ... " -
https://addons.mozilla.org/en-US/firefox/addon/748

Firebug - "You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page..." -
https://addons.mozilla.org/en-US/firefox/search?q=firebug&cat=all

Version	: 8.5
Build Number	: 8500
License Info	: Professional Plus - Unlimited Interfaces
License Type	: Trial - Expires on 2010-9-9
Licensed to	: Evaluation User
Database Used	: MYSQL
Interfaces Managed	: 1

z0me nuFzz

Anonymous hrozí zničením DNS. Můžou uspět?23.02.12-00:00

Historie vývoje počítačových her (15.část - herní konzole Atari 5200)23.02.12-00:00

DMCA: proč nestačí současný právní rámec?22.02.12-00:00

Softwarová sklizeň (22. 2. 2012)22.02.12-00:00

Zálohujeme s rsnapshot21.02.12-00:00

Pohled pod kapotu JVM (11.část - instrukce pro tvorbu polí a přístup k prvkům polí)21.02.12-00:00

LibreOffice 3.5: cestou drobných zlepšení20.02.12-00:00

Bezpečnostní střípky: společnost si devět let nevšimla průniku20.02.12-00:00

Komiks: uploaduj, posílíš mír!18.02.12-00:00

Admirálem ve vesmírné ,,skoro" strategii Gratuitous Space Battles17.02.12-00:00

Komiks xkcd 1014: Potíže s autem01.01.70-01:00

Zpravodaj o Víně - 10. 2. 201201.01.70-01:00

Píšeme knihu ve Writeru: praktické poznatky01.01.70-01:00

Jaderné noviny - 9. 2. 2012: Automatické uspávání01.01.70-01:00

Komiks xkcd 1018: Hodnej polda, dadaistickej polda01.01.70-01:00

Událo se v týdnu 7/201201.01.70-01:00

HW novinky: Radeony HD 7700 vůbec poprvé s double-precision v mainstreamu01.01.70-01:00

Komiks xkcd 1013: Probuďte se, ovčani01.01.70-01:00

OpenAFS - uživatel01.01.70-01:00

Hrajeme si s FFmpeg/Libav (2/2)01.01.70-01:00

Jaderné noviny - 2. 2. 2012: Co se v Linuxu 2.6.39 stalo s diskovým výkonem01.01.70-01:00

DSA-2415 libmodplug - several vulnerabilities01.01.70-01:00

DSA-2414 fex - insufficient input sanitization01.01.70-01:00

DSA-2413 libarchive - buffer overflows01.01.70-01:00

DSA-2412 libvorbis - buffer overflow01.01.70-01:00

DSA-2411 mumble - information disclosure01.01.70-01:00

DSA-2410 libpng - integer overflow01.01.70-01:00

DSA-2409 devscripts - several vulnerabilities01.01.70-01:00

DSA-2408 php5 - several vulnerabilities01.01.70-01:00

DSA-2407 cvs - heap overflow01.01.70-01:00

DSA-2406 icedove - several vulnerabilities01.01.70-01:00

DSA-2405 apache2 - multiple issues01.01.70-01:00

DSA-2403 php5 - code injection01.01.70-01:00

DSA-2404 xen-qemu-dm-4.0 - buffer overflow01.01.70-01:00

DSA-2384 cacti - several vulnerabilities01.01.70-01:00

DSA-2402 iceape - several vulnerabilities01.01.70-01:00

DSA-2401 tomcat6 - several vulnerabilities01.01.70-01:00

DSA-2400 iceweasel - several vulnerabilities01.01.70-01:00

DSA-2399 php5 - several vulnerabilities01.01.70-01:00

DSA-2398 curl - several vulnerabilities01.01.70-01:00

DSA-2397 icu - buffer underflow01.01.70-01:00

DSA-2396 qemu-kvm - buffer underflow01.01.70-01:00

DSA-2395 wireshark - buffer underflow01.01.70-01:00

DSA-2394 libxml2 - several vulnerabilities01.01.70-01:00

DSA-2393 bip - buffer overflow01.01.70-01:00

DSA-2392 openssl - out-of-bounds read01.01.70-01:00

DSA-2301 rails - several vulnerabilities01.01.70-01:00

Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability29.12.12-00:00

Vuln: Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability22.02.12-00:00

Vuln: Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability22.02.12-00:00

Vuln: Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability22.02.12-00:00

Bugtraq: [ MDVSA-2012:023 ] libxml201.01.70-01:00

Bugtraq: Multiple XSS in Chyrp01.01.70-01:00

Bugtraq: [ MDVSA-2012:022 ] libpng01.01.70-01:00

Bugtraq: Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines01.01.70-01:00

More rss feeds from SecurityFocus01.01.70-01:00

News: Change in Focus10.03.10-00:00

News: Twitter attacker had proper credentials18.12.09-00:00

News: PhotoDNA scans images for child abuse18.12.09-00:00

News: Conficker data highlights infected networks16.12.09-00:00

Brief: Google offers bounty on browser bugs02.02.10-00:00

Brief: Cyberattacks from U.S. "greatest concern"28.01.10-00:00

Brief: Microsoft patches as fraudsters target IE flaw21.01.10-00:00

Brief: Attack on IE 0-day refined by researchers18.01.10-00:00

News: Monster botnet held 800,000 people's details04.03.10-00:00

News: Google: 'no timetable' on China talks04.03.10-00:00

News: Latvian hacker tweets hard on banking whistle26.02.10-00:00

News: MS uses court order to take out Waledac botnet25.02.10-00:00

Infocus: Enterprise Intrusion Analysis, Part One01.01.70-01:00

Infocus: Responding to a Brute Force SSH Attack01.01.70-01:00

Infocus: Data Recovery on Linux and <i>ext3</i>01.01.70-01:00

Infocus: WiMax: Just Another Security Challenge?01.01.70-01:00

Gunter Ollmann: Time to Squish SQL Injection01.01.70-01:00

Mark Rasch: Lazy Workers May Be Deemed Hackers01.01.70-01:00

Adam O'Donnell: The Scale of Security01.01.70-01:00

Mark Rasch: Hacker-Tool Law Still Does Little01.01.70-01:00

More rss feeds from SecurityFocus01.01.70-01:00

strongSwan IPsec Implementation 4.6.222.02.12-03:58

LiveHelpNow Chat Cross Site Scripting22.02.12-03:56