Get More from Ubuntu’s Uncomplicated Firewall

May 14, 2008 – 6:35 AM

The Ubuntu Unleashed blog has an excellent guide to the ins and outs of the Uncomplicated Firewall (ufw), a new feature in Ubuntu Linux 8.04, or Hardy Heron, that makes it easy to control the traffic into and out of your system. While turning on the firewall is as simple as typing sudo ufw enable, you can do a lot more with ufw, including:

  • Check the status of ufw with the ports in the listening state: sudo ufw status
  • Block a single host: sudo ufw deny from {IP address}
  • Allow all access to port 80 (for web serving): sudo ufw allow 80/tcp

Hit the link for a handy bookmark or printout that lets you control your net security with single terminal commands.

Howto: Use, setup, and Take advantage of the New Ubuntu Uncomplicated Firewall UFW [Ubuntu Unleashed]

Source: Lifehacker

browserrecon – Passive Browser Fingerprinting

May 14, 2008 – 6:00 AM

Most of today's fingerprinting tools focus on server-side services. Well-known and widely accepted implementations of such utilities are available for HTTP web services, SMTP mail servers, FTP servers and even telnet daemons. Of course, many attack scenarios focus on server-side attacks.

Client-side attacks, especially those targeting web clients, are becoming more and more popular. Browser-targeted attacks, drive-by pharming and web-based phishing present a broad range of threats while surfing the World Wide Web. Attackers might initiate and optimize their attacks by fingerprinting the target application to find the best possible way to compromise the client.

The browserrecon project aims to prove that client-side fingerprinting is possible and useful too. In this particular implementation, currently available in PHP only, the web browser is identified by the HTTP requests it sends. Similar to the HTTP fingerprinting provided by httprecon (http://www.computec.ch/projekte/httprecon/), the header lines and values are analyzed and compared against a fingerprint database.

The current implementation of browserrecon is provided as a PHP script and is ready for live testing on the project web site. However, any web-based scripting language that can access the HTTP headers sent by the client can provide the same functionality, so further ports to ASP.NET, JSP and classic CGI are possible. Even the web server itself or an inline device (e.g. a sniffer or a firewall) could perform the same fingerprinting of HTTP request behavior.

A very similar approach to client-side application fingerprinting can be applied to other services and clients. For example, mail clients can be identified by their individual SMTP and POP3 command chains, and FTP clients by their specific command sequences.
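To make the header-based approach concrete, here is an added example in Python (not browserrecon's own PHP code) that applies the idea the post describes: parse the raw request, then score the order of header names and a few characteristic header values against a fingerprint database. The database, the two client families "client-A" and "client-B", and the two requests are constructed for illustration and are not measured browser signatures. The second request carries the same User-Agent string as the first, which is the point: header order and capitalisation are set by the client implementation and are far harder to spoof than the User-Agent value, so a defender can use them to spot mismatches.

```python
"""Passive client fingerprinting from raw HTTP request headers.

Added example, not browserrecon's own code. The fingerprint database below is
constructed: 'client-A' and 'client-B' are placeholder client families.
"""
from __future__ import annotations

# Constructed fingerprint database. Each entry records the header order a client
# family is assumed to emit plus a few characteristic header values.
FINGERPRINTS: dict[str, dict] = {
    "client-A": {
        "order": ["host", "user-agent", "accept", "accept-language",
                  "accept-encoding", "connection"],
        "values": {"connection": "keep-alive"},
    },
    "client-B": {
        "order": ["accept", "accept-language", "ua-cpu", "accept-encoding",
                  "user-agent", "host", "connection"],
        "values": {"connection": "Keep-Alive"},
    },
}


def parse_request_headers(raw: str) -> list[tuple[str, str]]:
    """Return (lowercased-name, value) pairs in the order the client sent them."""
    headers = []
    for line in raw.split("\r\n")[1:]:   # skip the request line
        if not line:                      # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def score(headers: list[tuple[str, str]], fp: dict) -> int:
    """Score one fingerprint: +1 per known header name, +1 per adjacent pair that
    appears in the expected order, +2 per matching characteristic value."""
    names = [n for n, _ in headers]
    present = sum(1 for n in names if n in fp["order"])
    expected_pairs = set(zip(fp["order"], fp["order"][1:]))
    adjacency = sum(1 for pair in zip(names, names[1:]) if pair in expected_pairs)
    value_hits = sum(2 for n, v in headers if fp["values"].get(n) == v)
    return present + adjacency + value_hits


def fingerprint(raw: str) -> tuple[str, dict[str, int]]:
    """Return the best-matching client family and the per-family scores."""
    headers = parse_request_headers(raw)
    scores = {name: score(headers, fp) for name, fp in FINGERPRINTS.items()}
    return max(scores, key=scores.get), scores


# Constructed requests. Both claim the same User-Agent; only header order and
# capitalisation differ, which is exactly what the User-Agent string hides.
REQUEST_A = (
    "GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ConstructedBrowser/1.0\r\n"
    "Accept: text/html\r\nAccept-Language: en\r\nAccept-Encoding: gzip\r\n"
    "Connection: keep-alive\r\n\r\n"
)
REQUEST_B = (
    "GET / HTTP/1.1\r\nAccept: */*\r\nAccept-Language: en\r\nUA-CPU: x86\r\n"
    "Accept-Encoding: gzip, deflate\r\nUser-Agent: ConstructedBrowser/1.0\r\n"
    "Host: example.test\r\nConnection: Keep-Alive\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("A", REQUEST_A), ("B", REQUEST_B)):
        best, scores = fingerprint(raw)
        print(f"request {label}: best match {best}, scores {scores}")
```

The same scoring loop works unchanged for the SMTP, POP3 and FTP command chains mentioned above: replace the header-name list with the sequence of commands the client issued and keep the adjacency scoring, since command order is the client-specific part.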


SQL injection attacks becoming more intense

May 13, 2008 – 5:17 PM

The mass SQL injection attacks we’ve mentioned here and here are increasing in number, and we’re seeing more domains being injected and used to host the attack files. We believe that there is now more than one group using a set of different automated tools to inject the code.

Previously these attacks have primarily pointed to IP addresses in China and we’ve seen the following domains being used in addition to the ones we’ve mentioned previously:

www.wowgm1(dot)cn
www.killwow1(dot)cn 
www.wowyeye(dot)cn
vb008(dot)cn
9i5t(dot)cn
computershello(dot)cn

We’ve now seen other domains being used as well such as direct84(dot)com which is inserted by a SQL injection tool (detected as HackTool:W32/Agent.B) distributed to the Asprox botnet. SecureWorks has a nice writeup available. The direct84(dot)com domain fast-fluxes to several different IPs in Europe, Israel and North America.

The injected link eventually leads to a backdoor detected as Backdoor:W32/Agent.DAS.

This is a good time to again mention that it’s not a vulnerability in Microsoft IIS or Microsoft SQL that is used to make this happen. If you are an administrator of a website that uses ASP/ASP.NET, you have to make sure you sanitize all inputs before you allow them to access the database. There are lots of articles on how to do this such as here. You could also have a look at URLScan, which provides an easy way to filter this particular attack based on the length of the QueryString.
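The two defences the post names, handling input safely before it reaches the database and a coarse length cap on the query string, are shown side by side in the added example below. It is not part of the F-Secure post: the post's advice targets ASP/ASP.NET sites, and this stand-in uses Python with the built-in sqlite3 module so that it runs anywhere; the table contents, the hostile input and the length limit are constructed.

```python
"""SQL injection: vulnerable string concatenation beside a parameterized query.

Added example, not part of the F-Secure post. Python and sqlite3 stand in for
ASP/ASP.NET and SQL Server; the rows and the length limit are constructed.
"""
import sqlite3

# Constructed cap on query-string length, illustrating the kind of coarse
# length-based filter the post attributes to URLScan. The value is illustrative.
MAX_QUERYSTRING_LENGTH = 256


def build_db() -> sqlite3.Connection:
    """Create an in-memory table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO products (name) VALUES (?)",
                     [("widget",), ("gadget",), ("gizmo",)])
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Vulnerable on purpose: the caller's input becomes part of the SQL text,
    so a quote character in the input changes the structure of the query."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Hardened: the input is bound as a parameter and can only ever be data."""
    return conn.execute("SELECT id, name FROM products WHERE name = ?",
                        (name,)).fetchall()


def query_string_too_long(query_string: str) -> bool:
    """Coarse pre-filter: reject oversized query strings before the application
    sees them. This is defence in depth for the mass-injection payloads, not a
    substitute for parameterized queries, since short payloads pass straight through."""
    return len(query_string) > MAX_QUERYSTRING_LENGTH


if __name__ == "__main__":
    conn = build_db()
    benign = "widget"
    hostile = "' OR '1'='1"   # constructed input that breaks out of the quoted literal
    print("vulnerable, benign:", vulnerable_lookup(conn, benign))
    print("vulnerable, hostile:", vulnerable_lookup(conn, hostile))  # every row
    print("safe, hostile:", safe_lookup(conn, hostile))              # no rows
    print("oversized query string rejected:",
          query_string_too_long("id=" + "A" * 300))
```

Run it and compare the second and third lines: with concatenation the hostile input returns the whole table, with the bound parameter it matches nothing, because the database engine never parses the input as SQL. The length check is a useful extra layer at the web-server tier, but only the parameterized form removes the vulnerability itself.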

Source: F-Secure

New Tests Show Rootkits Still Evade AV

May 13, 2008 – 3:43 PM

Rootkits are still a security scanner’s worst nightmare: New rootkit detection tests recently conducted by AV-Test.org found that security suites and online Web scanners detected overall only a little more than half of rootkits.

AV-Test.org, an indie security test organization based in Germany, ran two rootkit tests last month, one on Microsoft’s XP Home Edition and another on Microsoft Vista Ultimate Edition, the results of which have been published in a paper now available on the group’s Website.

The XP test used 30 active rootkits and 30 pieces of malware using rootkit technologies. Not surprisingly, anti-rootkit tools did the best, detecting about 80 percent of the rootkits overall, while the security suites found over 66 percent, and online scanners, only 53 percent. Some tools crashed or hung up after completing the rootkit scans, and those were counted as “not detected.”

Security suites did better detecting inactive rootkits than active ones — most found all (or nearly all) 30. But detecting and cleaning up active rootkits — which is the task that AV-Test.org considers the “real rootkit test” — was another story.

Avira AntiVir Premium Security Suite 7.06.00.168 and BitDefender’s Internet Security Suite 2008 11.0.13 led the pack in overall detection of both inactive and active rootkits: Avira’s tool found 28 inactive rootkits and 29 active ones, and all 30 pieces of the malware hidden by rootkits. BitDefender’s tool found all 30 inactive rootkits, 28 of the active ones, and 29 pieces of malware hidden by rootkits.


Ubuntu Linux: 5 Steps for resetting a forgotten password

May 12, 2008 – 3:58 PM

It happens to everyone. You have so many usernames and passwords that you can’t remember them all. Fortunately, Facebook, Gmail, and about a billion other online services have a “forgot password” link. Just click it and the web service will either email your password to you or allow you to reset it and enter a new one.

But what happens when you forget the password for your operating system? Not that this has ever happened to us, but hypothetically let’s say we were trying to perform a fresh install of Ubuntu on a laptop this afternoon. We zipped through the installation screens so quickly that we may have accidentally included a typo in our password. So when the installation was complete, our (still hypothetical) computer booted up, loaded a splash screen, and then wouldn’t let us log in no matter how many variations of our password we typed.

While you might think the easiest thing to do is reinstall Ubuntu (after all, this is a clean install, so it’s not like we’d be losing any data on our hypothetical system), you can save yourself 15-30 minutes by changing the password. It turns out you don’t have to log in to change your password. As we discovered thanks to a useful post on the Ubuntu forums, you can do it from the bootloader screen. Check out the 5 easy steps after the jump.
