Category Archive: security

Sep 26 2014

CVE-2014-6271 bash vulnerability

Guess what I found in trivia’s logs this morning? 89.207.135.125 – – [25/Sep/2014:10:48:13 +0100] “GET /cgi-sys/defaultwebpage.cgi HTTP/1.0” 404 345 “-” “() { :;}; /bin/ping -c 1 198.101.206.138” I’ll bet a lot of cgi scripts are being poked at the moment. Check your logs guys. A simple grep “:;}” access.log will tell you all you need …

Continue reading »

Permanent link to this article: http://baldric.net/2014/09/26/cve-2014-6271-bash-vulnerability/

Jul 23 2014

department of dirty

Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”. Most such phishing …

Continue reading »

Permanent link to this article: http://baldric.net/2014/07/23/department-of-dirty/

Apr 16 2014

nsa operation orchestra

In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM. In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. …

Continue reading »

Permanent link to this article: http://baldric.net/2014/04/16/nsa-operation-orchestra/

Apr 15 2014

boot and nuke no more

I was contacted recently by a guy called Andy Beverley who wrote: Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux …

Continue reading »

Permanent link to this article: http://baldric.net/2014/04/15/boot-and-nuke-no-more/

Apr 08 2014

heartbleed

This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …

Continue reading »

Permanent link to this article: http://baldric.net/2014/04/08/heartbleed/

Feb 12 2014

checking client-side ssl/tls

At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know …

Continue reading »

Permanent link to this article: http://baldric.net/2014/02/12/checking-client-side-ssltls/

Jan 22 2014

dis-unity

The “cloud” is achingly trendy at the moment and new companies offering some-bollocks-as-a-service (SBaaS) keep popping up all over the ‘net. Personally I am extremely unlikely to use any of the services I have seen, I just don’t trust that particular business model. I checked out the website for one of these companies today following …

Continue reading »

Permanent link to this article: http://baldric.net/2014/01/22/dis-unity-2/

Jan 20 2014

thrust update

I have just run a search for further evidence of the possible compromise at thrustvps and found threads on webhostingtalk, vpsboard, freevps.us and habboxforum amongst others. All of those comments are from people (many, like me, ex-customers) who have received emails like the one I referred to below. So, I guess thrust /do/ have a …

Continue reading »

Permanent link to this article: http://baldric.net/2014/01/20/thrust-update/

Jan 18 2014

thrustvps compromised?

I have not used thrust since my last contract expired. I left them because of their appalling actions at around this time last year. However, today I received the following email from them: From: Admin To: xxx@yyy Subject: Damn::VPS aka Thrust::VPS Date: Sat, 18 Jan 2014 03:28:06 +0000 This is a notification to let you …

Continue reading »

Permanent link to this article: http://baldric.net/2014/01/18/thrustvps-compromised/

Dec 10 2013

ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that …

Continue reading »

Permanent link to this article: http://baldric.net/2013/12/10/ssl-cipher-check/

Dec 08 2013

where are you now?

image of map in germany

The ongoing revelations from Snowden continued recently with reporting in the Washington Post about the NSA’s program to track mobile ‘phone location data. Reporting here and elsewhere suggests that the NSA is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world. That reporting, and its obvious implications, reminded me …

Continue reading »

Permanent link to this article: http://baldric.net/2013/12/08/where-are-you-now/

Dec 07 2013

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …

Continue reading »

Permanent link to this article: http://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

Older posts «

» Newer posts