YouOS is an experiment in a new kind of computing platform.
https://www.youos.com
segunda-feira, julho 24, 2006
sábado, julho 22, 2006
The Top 20 Most Critical Internet Security Vulnerabilities
Top Vulnerabilities in Windows Systems
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Microsoft Office and Outlook Express
W5. Windows Configuration Weaknesses
Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. File Sharing Applications
C6. DNS Software
C7. Media Players
C8. Instant Messaging Applications
C9. Mozilla and Firefox Browsers
C10. Other Cross-platform Applications
Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X
Top Vulnerabilities in Networking Products
N1. Cisco IOS and non-IOS Products
N2. Juniper, CheckPoint and Symantec Products
N3. Cisco Devices Configuration Weaknesses
Source: http://www.sans.org/top20
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Microsoft Office and Outlook Express
W5. Windows Configuration Weaknesses
Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. File Sharing Applications
C6. DNS Software
C7. Media Players
C8. Instant Messaging Applications
C9. Mozilla and Firefox Browsers
C10. Other Cross-platform Applications
Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X
Top Vulnerabilities in Networking Products
N1. Cisco IOS and non-IOS Products
N2. Juniper, CheckPoint and Symantec Products
N3. Cisco Devices Configuration Weaknesses
Source: http://www.sans.org/top20
terça-feira, julho 18, 2006
Server monitoring
To make all sorts of graphs:
apt-get install munin munin-node
Example: http://munin.ping.uio.no
To compute more statistics:
* anteater
* isoqlog
* mailgraph
Monitor system logs: logcheck:
* sends you mail with abnormal log lines
* It's important to customize what is normal and you do it with regular expressions
Source: http://www.enricozini.org/blog/eng/seventh-day-in-addis.html
apt-get install munin munin-node
Example: http://munin.ping.uio.no
To compute more statistics:
* anteater
* isoqlog
* mailgraph
Monitor system logs: logcheck:
* sends you mail with abnormal log lines
* It's important to customize what is normal and you do it with regular expressions
Source: http://www.enricozini.org/blog/eng/seventh-day-in-addis.html
Games for Linux
http://forums.gentoo.org/viewtopic-t-429035-postdays-0-postorder-asc-highlight-monsterz-start-0.html
segunda-feira, julho 17, 2006
Phoronix Linux Compatible Hardware
Phoronix LCH is designed to be a community-driven indexing system for computer hardware under GNU/Linux. This system allows you to post GNU/Linux information on hardware as well as sharing your own personal experiences when it comes to GNU/Linux compatibility. You are also able to browse and search the database for other hardware as well. This is designed to make it much more effortless when deciding what GNU/Linux compatible hardware to go with during your next upgrade. Phoronix LCH is not distribution specific, and allows comments from all versions of GNU/Linux. Phoronix LCH is to spread what works and what doesn't when it comes to hardware under Linux.
http://www.phoronix.com/lch
http://www.phoronix.com/lch
sábado, julho 15, 2006
Dell laptop explodes at Japanese conference
Fully Open Source NTFS Support Under Linux
The Linux NTFS project has released a beta version of its fully open source userspace (using FUSE) 3G-Linux NTFS support driver. According to the developer, this driver beats hands down other NTFS support solutions performance-wise (including commercial Paragon NTFS driver and also Captive NTFS, which is using windows ntfs.sys driver under WINE).
http://www.linux-ntfs.org
http://www.linux-ntfs.org
terça-feira, julho 04, 2006
The Ten Most Critical Wireless and Mobile Security Vulnerabilities
1. Default WiFi routers: By default, wireless routers are shipped in an un-secured state.
2. Rogue Access Points: set up an authorized access point, without informing the network administrator.
3. Wireless Zero Configuration: When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for the connection and re-establishes the connection. Since the SSID value is sent as plain text, anyone with a sniffer can see it. Programs like Karma automate this process.
4. Bluetooth exploits: BlueSnarfing, BlueBugging, BlueJacking, BlueTooth DoS attacks.
5. WEP Weaknesses: passwords can easily be cracked using Airsnort.
6. Clear Text Encryption Passwords: Some of the most popular mobile encryption programs even store the password in plain text in the registry.
7. Malicious Code: "Airborne" mobile viruses.
8. Autorun: Windows Mobile devices contain a little-known autorun feature that can provide an attacker with a quick and easy method of infection. When a media card is inserted into the PDA, Windows Mobile will copy over the autorun.exe (if it exists), create a copy in the /Windows directory, and execute it. A user can prevent this by creating a read-only dummy executable called autorun.exe and put it in the /Windows folder.
9. Multiple VoIP attacks: VoIP is mostly sent in an unencrypted format. As a result, anyone can see the connection information and capture/record the conversation. Programs like VoMiT and Cain & Abel can easily capture and record conversations. Other programs like sipbomber can kick a user offline. In addition, SiVus (a VoIP scanner) can quickly locate VoIP enabled systems.
10. Lost and stolen devices: All mobile databases should be encrypted. A good, written security policy and user education are also important. Mobile devices should all have a login copyright banner, along with return information.
Fonte: Help Net Security ( http://www.net-security.org/article.php?id=927&p=1 )
2. Rogue Access Points: set up an authorized access point, without informing the network administrator.
3. Wireless Zero Configuration: When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for the connection and re-establishes the connection. Since the SSID value is sent as plain text, anyone with a sniffer can see it. Programs like Karma automate this process.
4. Bluetooth exploits: BlueSnarfing, BlueBugging, BlueJacking, BlueTooth DoS attacks.
5. WEP Weaknesses: passwords can easily be cracked using Airsnort.
6. Clear Text Encryption Passwords: Some of the most popular mobile encryption programs even store the password in plain text in the registry.
7. Malicious Code: "Airborne" mobile viruses.
8. Autorun: Windows Mobile devices contain a little-known autorun feature that can provide an attacker with a quick and easy method of infection. When a media card is inserted into the PDA, Windows Mobile will copy over the autorun.exe (if it exists), create a copy in the /Windows directory, and execute it. A user can prevent this by creating a read-only dummy executable called autorun.exe and put it in the /Windows folder.
9. Multiple VoIP attacks: VoIP is mostly sent in an unencrypted format. As a result, anyone can see the connection information and capture/record the conversation. Programs like VoMiT and Cain & Abel can easily capture and record conversations. Other programs like sipbomber can kick a user offline. In addition, SiVus (a VoIP scanner) can quickly locate VoIP enabled systems.
10. Lost and stolen devices: All mobile databases should be encrypted. A good, written security policy and user education are also important. Mobile devices should all have a login copyright banner, along with return information.
Fonte: Help Net Security ( http://www.net-security.org/article.php?id=927&p=1 )
segunda-feira, julho 03, 2006
Partimage
Partition Image is a Linux/UNIX utility which saves partitions in many formats (see below) to an image file. The image file can be compressed in the GZIP/BZIP2 formats to save disk space, and split into multiple files to be copied on removable floppies (ZIP for example), ... Partitions can be saved across the network since version 0.6.0.
http://www.partimage.org
http://www.partimage.org
Assinar:
Postagens (Atom)