ubuntu 10.10 sshd contains “YOU WANNA SMOKE A SPLIFF” and pot leaf ascii art. Does this mean I’ve been hacked?

Compare grep usr/sbin/sshd /var/lib/dpkg/info/openssh-server.md5sums to md5sum /usr/sbin/sshd. When they come up with different md5sums, you are no longer using the packaged version. If they are the same, it doesn’t mean anything definitive, since anyone who is able to modify your sshd binary obviously has privileges to alter the md5sum recorded in /var/lib/dpkg/info. The next step … Read more
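The comparison the answer describes, as an added example that is not part of the original answer, generalized from the single sshd binary to every path a package's dpkg .md5sums file records. It assumes a Debian/Ubuntu layout (/var/lib/dpkg/info/PKG.md5sums, md5sum and dpkg-deb on the PATH); the second function addresses the answer's caveat by taking the reference checksum from a .deb fetched independently (e.g. with apt-get download) instead of from the local, possibly tampered, dpkg database.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Verify files on disk against the md5sums dpkg recorded at install time.
#
# Usage: check_pkg_md5sums MD5SUMS_FILE [ROOT]
#   MD5SUMS_FILE  e.g. /var/lib/dpkg/info/openssh-server.md5sums
#   ROOT          filesystem root the recorded paths are relative to (default /)
# Returns 0 when every listed file matches, 1 when any file differs or is missing.
check_pkg_md5sums() {
    md5file=$1
    root=${2:-/}
    rc=0
    # Each line of a dpkg .md5sums file is:  <md5>  <path-without-leading-slash>
    while read -r want path; do
        [ -n "$path" ] || continue
        f="${root%/}/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            rc=1
            continue
        fi
        got=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $f"
        else
            echo "CHANGED  $f (dpkg: $want, on disk: $got)"
            rc=1
        fi
    done < "$md5file"
    return $rc
}

# Reference checksum from an independently obtained .deb, so the comparison does
# not trust /var/lib/dpkg/info on the suspect host. Assumes dpkg-deb is present.
# Usage: md5_from_deb openssh-server_*.deb usr/sbin/sshd
md5_from_deb() {
    deb=$1; path=$2
    # --fsys-tarfile streams the package's data.tar; extract one member to stdout
    dpkg-deb --fsys-tarfile "$deb" | tar -xOf - "./$path" | md5sum | cut -d' ' -f1
}
```

Run as `check_pkg_md5sums /var/lib/dpkg/info/openssh-server.md5sums` for the case in the question; a CHANGED line for usr/sbin/sshd is the "different md5sums" outcome the answer describes. For the "same md5sums" outcome, compare `md5sum /usr/sbin/sshd` against `md5_from_deb` run on a package downloaded from the mirror, or against the same path on a known-clean machine, since a matching local database proves nothing once root is in doubt.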

Should I report hacking attempts?

While the answer can depend greatly on the agency you are attempting to inform, I believe that in general you should. In fact, since monitoring and responding to the abuse mailbox for our organization is one of my primary job duties, I can positively say, ‘Yes Please!’. I had this same conversation with members of … Read more

is this a hack attempt?

0) Yes. At the very least, it’s a systematic probe against your site trying to discover if it’s vulnerable.
1) Other than making sure that your code is clean, there’s not a lot you can do but run your own tests against your host to make sure it’s safe. Google Skipfish is one of the … Read more

Can a virtual machine (VM) “hack” another VM running on the same physical machine?

Of course it is possible to exploit another VM running on the same hardware, given a working exploit. Additionally, one can exist. Your question cites some recent work showing one. I’m not going to share any specific exploits or PoC here, but I’ll gladly say how they can be made. The exploits that are used … Read more

Stop China from connecting to my Google Compute Engine server

Firewalls have two main choices when receiving unwanted connection attempts.
REJECT – send a response saying the port/service/etc is closed or unavailable
DROP – don’t respond and just drop the packets
The words REJECT/DROP aren’t standard or used across all firewalls but the difference between the concepts behind the two possible actions will be there. … Read more
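The two actions the answer contrasts, as an added example that is not part of the original answer, in Linux iptables terms: a small generator that emits an iptables-restore ruleset blocking a list of source CIDRs either silently (DROP) or with an explicit refusal (REJECT, here with the default ICMP port-unreachable reply). The CIDRs in the usage line are RFC 5737 documentation ranges constructed for illustration, not any country's address space; the chain name GEOBLOCK is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Emit an iptables-restore ruleset that blocks the given source CIDRs.
#
# Usage: block_ruleset MODE CIDR...        (MODE is DROP or REJECT)
# Apply: block_ruleset DROP 203.0.113.0/24 198.51.100.0/24 | iptables-restore -n
#   -n (--noflush) keeps existing rules; the GEOBLOCK chain itself is recreated.
block_ruleset() {
    mode=$1; shift
    case $mode in
        # DROP: the packet disappears; the client sees a timeout
        DROP)   target='-j DROP' ;;
        # REJECT: an ICMP port-unreachable goes back; the client fails immediately
        REJECT) target='-j REJECT --reject-with icmp-port-unreachable' ;;
        *) echo "mode must be DROP or REJECT" >&2; return 2 ;;
    esac
    printf '%s\n' '*filter'
    # Dedicated chain so the block list can be replaced without touching INPUT
    printf '%s\n' ':GEOBLOCK - [0:0]'
    for cidr in "$@"; do
        printf '%s\n' "-A GEOBLOCK -s $cidr $target"
    done
    # Insert at position 1 so the block list is consulted before any ACCEPT rule
    printf '%s\n' '-I INPUT 1 -j GEOBLOCK'
    printf '%s\n' 'COMMIT'
}
```

DROP costs an attacker a full connect timeout per probe and reveals nothing about whether a host is listening, which is why it is the usual choice for unsolicited scanners; REJECT is friendlier to legitimate clients that mistakenly connect, because they get an immediate error. Either way the source list has to come from somewhere outside this script, and address-to-country mappings are approximate and change over time.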

SSH server zero-day exploit – Suggestions to protect ourselves

Comment from Damien Miller (OpenSSH developer): http://lwn.net/Articles/340483/ In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks. So, I’m not persuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts.