Using ZTE MF627 in openSUSE 11.3

Recently I got a chance to test the ZTE MF627 USB 3G modem. To be able to use the ZTE MF627 3G modem in openSUSE 11.3 you need to install the usb_modeswitch program. In openSUSE 11.3 it is split into two packages:

  • usb_modeswitch
  • usb_modeswitch-data

Please make sure you install the above packages with version 1.1.3 or newer.


goorecon.rb small problems

While doing research I used goorecon.rb in BackTrack 4. Unfortunately I encountered several problems while using it to enumerate email addresses.

Let's reproduce the problem here. I want to enumerate all of the email addresses of the domain yourbank.com using goorecon.rb:

./goorecon.rb -e yourbank.com
call_center@emyourank.com
helpdesk@emyourank.com
info@emyourank.com

Can you see where the problems are?

OSSIM : Lessons Learned from Tuning Snort IDS

Recently I've been busy tuning the Snort IDS (Intrusion Detection System) included with OSSIM. Compared to the installation process, the tuning process is much more involved and time-consuming.

You may wonder why you should tune your IDS. Because if you don't tune the IDS to suit your network environment (servers, network devices, security devices) you will get a lot of events. And I really mean A LOT. I received more than 100,000 events each day during the days before I did the tuning. It's a sure thing that if you receive this number of events, you will not analyze them; you may not even read them anymore. The good thing is they are all false positives, so you can ignore them. And of course you don't want to store those false-positive events to disk. After the tuning process, I received less than ten events per day. :D

Suricata RC1 Has Been Released

Suricata RC1 has been released. The latest version includes the following new features:

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for “pass” rules was added
  • Inline mode for Windows was added

I have also updated the openSUSE RPM specfile for the latest Suricata release.

OWASP Top 10 2010

OWASP just released the latest Top 10 Web Application Security Risks for 2010. Here is the list:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards