Several days ago, I took a break from doing my work. I did an exercise to sharpened my “rusty” scripting skills. My goal was to develop a simple script using Ruby to get the top passwords cracked from MD5 Statistics page. This should be an interesting exercise for my brain. :D
Unfortunately, my scripting skills was so rusty, so it took me a while to code this simple script.
After doing an upgrade to MSF4, when I run msfconsole, I was greeted by the following “scary error message” :
Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018 es: 0018 ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing
What a “cool” welcome message. :D
Automattic, the company behind the WordPress.com platform experienced a low-level break-in to several of its servers.
Although at this moment, there haven’t any information about the extend of this incident, as the Automattic’s people are still doing investigation.
If your blog is located in the wordpress.com domain, you may want to follow the suggestions offered by the WordPress about the security fundamentals located in the link mentioned above.
While doing a research I utilized goorecon.rb in BackTrack 4. Unfortunately I encountered several problems while using it to enumerate email address.
Let’s produce the problem again here. I want to enumerate all of the email addresses of domain yourbank.com using goorecon.rb :
./goorecon.rb -e yourbank.com
Can you see where the problems are ?
Recently I’ve been busy with tuning Snort IDS (Intrusion Detection System) included with OSSIM. Compare to the installation process, the tuning process is much more involved and time-consuming.
You may wonder why should you do the tuning for you IDS ? Because if you don’t tune the IDS to suit your network environment (servers, network devices, security devices) you will get a lot of events. And I really mean A LOT OF. I received more than 100,000 events each day during the days before I did the tunnng. It’s a sure thing that if you received this number of events, you will not analyze them, you may not even read them anymore. The good thing is they are all false-positive, so you can ignore them. And of course you don’t want to store those false-positive events to disk. After the tuning process, I received less than ten events per day. :D
Suricata RC1 has been released. The latest version include the following new features :
- Support for the http_headers keyword was added
- libhtp was updated to version 0.2.3
- Privilege dropping using libcap-ng is now supported
- Proper support for “pass” rules was added
- Inline mode for Windows was added
I have also updated the openSUSE RPM specfile for the latest Suricata release.
OWASP just released the latest Top 10 Web Application Security Risks for 2010. And here is the list :
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards