
January 27, 2005

Man Jailed for using a Nonstandard Browser

From BoingBoing:

A Londoner made a tsunami-relief donation using lynx -- a text-based browser used by the blind, Unix-users and others -- on Sun's Solaris operating system. The site-operator decided that this "unusual" event in the system log indicated a hack-attempt, and the police broke down the donor's door and arrested him. From a mailing list:

For donating to a Tsunami appeal using Lynx on Solaris 10. BT [British Telecom] who run the donation management system misread an access log and saw hmm that's a non standard browser not identifying its type and it's doing strange things. Trace that IP. Arrest that hacker.

Armed police, a van, a police cell and national news later the police have gone in SWAT styley and arrested someone having their lunch.

Out on bail till next week and preparing to make a lot of very bad PR for BT and the Police....

So just goes to show if you use anything other than Firefox or IE and you rely on someone else to interrogate access logs or IDS logs you too could be sitting in a paper suit in a cell :(

:Link:

Posted by 0xFF3300 at 10:09 AM

January 18, 2005

Hardened Security

As for Linux, a correctly-configured hardened box should come close to VMS in security. The sorts of things that you could configure to do this are as follows:

* Configure iptables to block ports that should not be visible from the outside. Either that, or get it to return spurious data, to confuse scanners.
* Use one (or preferably two) of SE-Linux, GRSecurity and RSBAC, to make it hard to actually use any exploits that are found.
* Disable insecure protocols where possible. If you have to use them, run them over IPSec.
* If a server isn't time-sensitive, then use a bounds-checker such as ElectricFence to reduce the risks.
* Use a pro-active NIDS to block suspicious traffic (usually an indicator of a scan).
* Verify file permissions with a utility such as TARA, although that one might be a little old these days.
* Scan for weaknesses with the latest Nessus and -at least- one other independent security scanner.

The reason for so many steps is that Linux is flexible. Flexibility, if used well, can make for an extremely tough system. If used badly, it can make for a highly vulnerable system. Mistakes are not always easy to catch, so it's better to have enough independent redundancy that a failure isn't catastrophic.
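One way to apply the first item and then check it independently, as an added example that is not from the original post: a default-deny inbound ruleset in `iptables-restore` format, with a small audit of what it leaves open. The ports 22 and 443 and the function names are assumptions for a constructed host.

```shell
#!/bin/sh
# Added example: constructed ruleset plus an audit of the ports it exposes.
# Ports 22 and 443 are assumed values, not taken from the post.

ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save format on stdin; print the INPUT chain's default
# policy and every destination port opened by an ACCEPT rule.
exposed_ports() {
    awk '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" || $i == "--dports")
                    ports = ports (ports == "" ? "" : ",") $(i + 1)
        }
        END { printf "policy=%s ports=%s\n", policy, ports }
    '
}

# Fail unless INPUT defaults to DROP and every open port is allowlisted.
check_ruleset() {   # $1 = comma-separated allowlist, ruleset on stdin
    report=$(exposed_ports)
    case "$report" in
        "policy=DROP "*) ;;
        *) echo "FAIL: $report" >&2; return 1 ;;
    esac
    for p in $(echo "${report#*ports=}" | tr ',' ' '); do
        case ",$1," in
            *",$p,"*) ;;
            *) echo "FAIL: port $p not in allowlist" >&2; return 1 ;;
        esac
    done
    echo "OK: $report"
}

ruleset | check_ruleset "22,443"
```

On a live host, pipe `iptables-save` output into `check_ruleset` instead of the sample. An ACCEPT rule with no `--dport` (for example one that matches only a source address) is not counted by this check.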

Posted by 0xFF3300 at 07:24 AM

January 11, 2005

HTTP.sys and HTTP Server Sample Application

It's interesting how unbelievably vague the HTTP.sys (HTTP API) documentation is. There is a single sample application with no documentation other than some very minimal comments. Sorry folks, but I can't wait until .NET 2.0 finally comes out to utilize this new kernel mode driver, but I can find hardly any info on it even to use it in a C++ application. I'm also sick of all the Microsoft folks who have been touting and using the new .NET 2.0 Beta as if it is already released. I know .NET 2.0 is nifty, I'll be the first one to use it, but until it comes out officially it's off limits for work projects.


Posted by 0xFF3300 at 02:37 PM

January 10, 2005

Using NUnit and Cassini to Test a Server

This is a truly great article on Scott Hanselman's site: NUnit Unit Testing of ASP.NET Pages, Base Classes, Controls and other widgetry using Cassini. Very nice idea.

:Link:

Posted by 0xFF3300 at 02:55 PM

January 06, 2005

Microsoft Windows AntiSpyware (Beta) Available

"Windows AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. Known spyware on your PC can be detected and removed. This helps reduce negative effects caused by spyware including slow PC performance, annoying pop-up ads, unwanted changes to Internet settings, and unauthorized use of your private information. Continuous protection improves Internet browsing safety by guarding over 50 ways spyware can enter your PC."

The worldwide SpyNet™ community plays a key role in determining which suspicious programs are classified as spyware. Microsoft researchers quickly develop methods to counteract these threats, which are automatically downloaded to your PC, so you stay up-to-date.

:Download Here:

Posted by 0xFF3300 at 09:19 AM

January 03, 2005

.NET 2.0 Provides Interface to HTTP.sys

System.Net contains several new classes for interfacing with http.sys. HttpListener is the focal point of these classes. Using it, you can create a simple Web server (or listener) that responds to incoming HTTP requests. The listener remains active for the lifetime of the HttpListener object, although you can tell it to start and stop listening on command.

Only one HttpListener can be listening for a specific URI prefix. You'll get a Win32Exception if you attempt to add a duplicate. When you specify a port, you can replace the host name with "*" to indicate that this listener should handle all URIs with this port unless they're matched by another HttpListener.

Posted by 0xFF3300 at 03:17 PM