Showing posts with label Security.

Nov 7, 2018

Pi-Hole Magics

I just set up my Raspberry Pi as a Pi-Hole and I couldn't be more pleased.

It was super simple to set up and install the Pi-Hole software. You can read all about it on pi-hole.net. I just updated my Pi and followed their instructions. I set a static IP on my router and even pointed my local network clients to use the Pi-Hole for DNS (IPv4 and IPv6). It was that simple and now everything on my Wifi is "safer". I was especially shocked at all of the legal adware sites that are being "pi-holed".

I like to think that most of the information is anonymous but why risk it when something like this is available for free (I plan to donate) and so easy to set up. Go get yourself a Raspberry Pi and get it done.

Nov 6, 2012

Researcher advises against use of Sophos antivirus on critical systems

Any exploit of any piece of software that remains un-patched is dangerous. If you have software that's deployed on an enterprise level, it makes it that much more important to have layers of security and excellent patching processes for ALL of your software.

If Sophos fails to patch exploits in a timely matter, that's a different story.

From Slashdot.

Antivirus provider Sophos has fixed a variety of dangerous defects in its products that were discovered by a security researcher who is recommending many customers reconsider their decision to rely on the company.

"Sophos claim that their products are deployed throughout healthcare, government, finance, and even the military," Tavis Ormandy wrote in an e-mail posted to a public security forum. "The chaos a motivated attacker could cause to these systems is a realistic global threat. For this reason, Sophos products should only ever be considered for low-value non-critical systems and never deployed on networks or environments where a complete compromise by adversaries would be inconvenient."

A more detailed report that accompanied Ormandy's e-mail outlined a series of vulnerabilities that attackers can exploit remotely to gain complete control over computers running unpatched versions of the Sophos software. At least one of them requires no interaction on the part of a victim, opening the possibility of self-replicating attacks, as compromised machines in turn exploit other machines, he said. The researcher provided what he said was a working exploit against Sophos version 8.0.6 running Apple's OS X. Attackers could "easily" rewrite the code to work against unpatched Sophos products that run on the Windows or Linux operating systems, he said.

A post published to Sophos's Naked Security blog around the same time Ormandy released his report thanked the researcher for privately disclosing the vulnerabilities so they could be fixed before attackers have the knowledge required to exploit them.

"The work of Tavis Ormandy, and others like him in the research community, who choose to work alongside security companies, can significantly strengthen software products," the post stated. "On behalf of its partners and customers, Sophos appreciates Tavis Ormandy's efforts and responsible approach."

The Sophos post detailed eight fixes that were released from 42 days to 55 days after Ormandy privately brought them to the attention of Sophos engineers. For his part, Ormandy concluded that the amount of time it took to release the patches was excessive.

"Sophos simply cannot react fast enough to prevent attacks, even when presented with a working exploit," he wrote. "Should an attacker choose to use Sophos Antivirus as their conduit into your network, Sophos will simply not be able to prevent their continued intrusion for some time, and you must implement contingency plans to handle this scenario if you choose to continue deploying Sophos."

A security researcher at Google, Ormandy stressed that his report and comments were entirely his, and not those of his employer.

With marked improvements in the security of browsers and Adobe's Reader and Flash applications, it wouldn't be surprising for attackers, particularly well-funded ones targeting a specific corporation or government agency, to turn their attention to AV programs. The detailed interactions AV programs have with browsers and sensitive operating system regions means there's plenty of opportunity.

It's unclear if Ormandy has analyzed the security of other antivirus products so he can arrive at an assessment of how they compare to Sophos. He didn't respond to an e-mail seeking comment for this post.

May 11, 2012

CBORD Steps into the 21st century!

Well, it looks like CBORD has taken a big step here... they are going out on a limb and offering SECURE FTP for file transfers, OMG!

CBORD now offering Secure FTP

I know, I know... it's a risky endeavor but someone had to take the lead and offer this service to their customers. After all, it's 2012 and we need to start thinking about the future. No more of this waiting around for integral services to be vetted by the rest of the software development communities. They are taking the bull by the horns and rolling out this service as quickly as possible.

Aug 16, 2011

Firefox 6 patches 10 dangerous security holes

Firefox 6 patches 10 dangerous security holes: "The vulnerabilities are serious enough to allow an attacker to launch harmful code and install software, requiring no user interaction beyond normal browsing."

Aug 14, 2011

Another Malware Victim

Yesterday I had a visit from a family friend and of course, they brought along an infected laptop. His daughter's new Toshiba laptop was all shiny and fresh out of the box but it just wasn't working like it used to. Of course not; it had over 50 infections of various breeds of malware and trojans.

This was a brand new PC running the latest version of Windows and fully patched. There were two well known AV programs installed, not to mention Microsoft Security Essentials. The reason she was infected is simple: "click this box to save the world". No amount of security in the world will protect people from their own fallible minds. We can try to protect people from all sorts of threats in the world; viruses, terrorists, crime, even taxes, but in the end we are all victims of our own gullible minds. Let's face it, if bad people can design a web page to look legit, they can just as easily make an application look identical to any number of seemingly safe applications. One errant click and "it's goodbye Seattle" --Steve Martin.

Microsoft Security Scanner is a frequently updated tool (each download is only valid for 10 days) that can be downloaded and copied to an infected system, either in safe mode or from a secondary boot method. This tool should find and remove most malware or viruses.

Jul 19, 2011

NoScript Awarded $10,000

NoScript Awarded $10,000: "An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: 'NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment.'"

May 27, 2011

Call Interception Demonstrated On New Cisco Phones

Call Interception Demonstrated On New Cisco Phones: "mask.of.sanity writes 'Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements.'

Confessions of a Computer Repairman

Confessions of a Computer Repairman: "nk497 writes 'What really happens to your PC when it's handed over to computer repair cowboys? We reveal the horror stories from computer repair shops: the dodgy technicians that install pirated software, steal personal photos, lie about hardware upgrades, upsell to the unsavvy, or simply steal your PC to sell on. Plus, we tell you how to avoid such dodgy fixers and find a trustworthy repairman.'"

May 3, 2011

Repudiate This!

I've been hearing this term at work a lot lately, so here is the Wikipedia definition for digital non-repudiation.

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]
  • A service that provides proof of the integrity and origin of data.
  • An authentication that with high assurance can be asserted to be genuine.
Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.
The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. They can also be used for encryption. The digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE

Wow, this is just incredible.

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE: "An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
'... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.'"

Jan 28, 2011

New Critical Bug In All Current Windows Versions

New Critical Bug In All Current Windows Versions: "Trailrunner7 writes 'Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft issued an advisory about the MHTML vulnerability, which has been discussed among security researchers in recent days. There is some exploit code available for the bug, as well. In addition to the advisory, Microsoft has released a FixIt tool, which helps mitigate attacks against the vulnerability in Windows.'

Jan 24, 2011

Apple hires former NSA, Navy analyst as security czar

Apple hires former NSA, Navy analyst as security czar: "In response to calls for increased security from enterprise clients, Apple has hired cybersecurity expert and author David Rice as its director of global security, a new report claims.

Jan 6, 2011

Useful Splunk Queries

So we finally have a working reliable installation of Splunk on site and I am starting to build some useful queries. There is so much information available it's almost too hard to make a reliable query that returns the information you need (without false positives).

sourcetype="WinEventLog:Security"  User Name: "CategoryString=Logon/Logoff" User_Name="administrator" | chart count(eval(Type="Failure Audit")) as "Login Failures" by src_ip

This will give you a nice chart showing a count of Administrator logon failures by source IP.

If you find yourself getting data that you aren't sure is real or should be ignored, I find the best way to be sure is to verify with a known failure or reproduction of the issue to be tracked. In this case, I simply attempted to log in with a bad password and my attempt showed up after a refresh.
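To show what the search above actually computes, here is an added Python stand-in (not from the post or from Splunk) that applies the same filter and grouping to a handful of constructed Windows Security events written in a flattened key="value" form; the field names Type, CategoryString, User_Name and src_ip are taken from the query, and the final function is the "reproduce a known failure" sanity check described above.

```python
"""Stand-in for the Splunk search in this post: count Failure Audit logon
events for the administrator account, grouped by source IP.
Sample events below are constructed, not real log data."""
import re
from collections import Counter

# Constructed events using the field names the Splunk query filters on.
SAMPLE_EVENTS = [
    'Type="Failure Audit" CategoryString="Logon/Logoff" User_Name="administrator" src_ip="10.0.0.5"',
    'Type="Failure Audit" CategoryString="Logon/Logoff" User_Name="Administrator" src_ip="10.0.0.5"',
    'Type="Success Audit" CategoryString="Logon/Logoff" User_Name="administrator" src_ip="10.0.0.5"',
    'Type="Failure Audit" CategoryString="Logon/Logoff" User_Name="administrator" src_ip="192.168.1.20"',
    'Type="Failure Audit" CategoryString="Logon/Logoff" User_Name="jsmith" src_ip="192.168.1.20"',
    'Type="Failure Audit" CategoryString="Account Management" User_Name="administrator" src_ip="10.0.0.9"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Turn one key="value" event line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def admin_logon_failures(lines, user="administrator"):
    """Mirror of: CategoryString="Logon/Logoff" User_Name="administrator"
    | chart count(eval(Type="Failure Audit")) as "Login Failures" by src_ip

    Splunk matches field values case-insensitively, so the user name is
    compared in lower case here as well. Returns {src_ip: failure_count};
    unlike Splunk's chart, IPs with zero failures are simply omitted."""
    counts = Counter()
    for ev in map(parse_event, lines):
        if ev.get("CategoryString") != "Logon/Logoff":
            continue  # wrong audit category, same as the search filter
        if ev.get("User_Name", "").lower() != user.lower():
            continue  # not the account we are charting
        if ev.get("Type") == "Failure Audit":
            counts[ev.get("src_ip", "unknown")] += 1
    return dict(counts)


def verified_by_reproduction(counts, my_ip):
    """The check from the post: after deliberately failing a logon from
    my_ip, that address must show up in the chart or the query is off."""
    return counts.get(my_ip, 0) > 0


if __name__ == "__main__":
    result = admin_logon_failures(SAMPLE_EVENTS)
    for ip, n in sorted(result.items()):
        print(f"{ip:15} Login Failures={n}")
    print("reproduction visible:", verified_by_reproduction(result, "192.168.1.20"))
```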

Nov 12, 2010

Facebook Mail?

Given the number of times I've had to "re-secure" my account settings, I think I'll pass on this one. At least I think/hope the data Google makes available is anonymous. When developers have access to the data (Farmville) you can be sure it's not.

Why You'll Give Up Gmail for Facebook Mail [Facebook]:

"Get ready for a new invasion wave from Facebook: Mail. According to Techcrunch's sources, a full webmail client integrated with The One and Only Social Network will debut next Monday. This is why it may become your favorite webmail service."