background preloader

Security

Facebook Twitter

Exploit Pack. PHP bug allowing site hijacking still menaces Internet 22 months on. A vulnerability that allows attackers to take control of websites running older versions of the PHP scripting language continues to threaten the Internet almost two years after security researchers first warned that attackers could use it to remotely execute malicious code on vulnerable servers.

PHP bug allowing site hijacking still menaces Internet 22 months on

As Ars reported 22 months ago, the code-execution exploits worked against PHP sites only when they ran in common gateway interface mode, a condition that applied by default to those running the Apache Web server. According to a blog post published Tuesday, CVE-2012-1823, as the vulnerability is formally indexed, remains under attack today by automated scripts that scour the Internet in search of sites that are susceptible to the attack. The sighting of in-the-wild exploits even after the availability of security patches underscores the reluctance of many sites to upgrade. PHP versions prior to 5.3.12 and 5.4.2 are vulnerable. Google Public DNS Server Traffic Hijacked. The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services.

Google Public DNS Server Traffic Hijacked

The latest bad news is that the World's largest and most widely used Google's free public DNS (Domain name system) resolvers raised security red flags yesterday. DNS is the master address list for the Internet, which translates IP addresses into human readable form and vice versa. According to Internet monitoring firm BGPmon, Google's DNS server 8.8.8.8/32 was hijacked yesterday for 22 minutes.

The Google's DNS server handles around 150 billion queries a day and during the 22 minutes of hijacking, millions of Internet users, including Financial institutions, Governments were redirected to BT’s (British multinational telecommunications services company) Latin America division in Venezuela and Brazil. It's not the first time when Google Public DNS service has been hijacked. Anonymous leaks VMware ESX Server Kernel source code. Anonymous group member "Stun" announce the leak of VMware ESX Server Kernel source code via twitter today.

Anonymous leaks VMware ESX Server Kernel source code

The tweet reads, "WILD LEAKY LEAK. FULL VMware ESX Server Kernel LEAKED LINK #Anonymous #AntiSec". VMware ESX is an enterprise-level computer virtualization product offered by VMware. The reason behind this wild leak by anonymous is that, Vmware continue producing on same level again and again which is not a good practice for better Security. "Bullshitting people and selling crap.

Wordpress

Smoothwall. Tools. Tunel. AntiSpoof. The AntiSpoof extension is an extension for preventing confusable usernames from being created.

AntiSpoof

It blocks the creation of accounts with mixed-script, confusing and similar usernames. For example, if user John Doe is already registered, the extension will block attempts to register: SpamBlacklist. The SpamBlacklist extension prevents edits that contain URLs whose domains match regular expression patterns defined in specified files or wiki pages and registration by users using specified email addresses.

SpamBlacklist

When someone tries to save a page, SpamBlacklist checks the text against a (potentially very large) list of illegal host names. If there is a match, the extension displays an error message to the user and refuses to save the page. Installation and setup[edit | edit source] Installation[edit | edit source] SpamBlacklist requires PHP 5.3 or higher, which means it may not be compatible with an otherwise supported install of MediaWiki.Download and extract the files in a directory called SpamBlacklist in your extensions/ folder. BigAdmin Feature Article: Patch Management Best Practices.

Oracle acquired Sun Microsystems in 2010, and since that time Oracle's hardware and software engineers have worked side-by-side to build fully integrated systems and optimized solutions designed to achieve performance levels that are unmatched in the industry.

BigAdmin Feature Article: Patch Management Best Practices

Early examples include the Oracle Exadata Database Machine X2-8, and the first Oracle Exalogic Elastic Cloud, both introduced in late 2010. During 2011, Oracle introduced the SPARC SuperCluster T4-4, a general-purpose, engineered system with Oracle Solaris that delivered record-breaking performance on a series of enterprise benchmarks. Oracle's SPARC-based systems are some of the most scalable, reliable, and secure products available today.

Sun's prized software portfolio has continued to develop as well, with new releases of Oracle Solaris, MySQL, and the recent introduction of Java 7. Evitar ataques DoS a Apache con mod_evasive » rm-rf.es. El ( ) o ( ), es un ataque a un sistema de servidores o red que causa que un servicio o recurso sea inaccesible a usuarios legítimos. El flujo masivo de peticiones (a través del protocolo TCP/IP) al servidor y los ataques de fuerza bruta provocan el colapso de la red, o la saturación del servidor en cuestión. En esta entrada vamos a tratar de paliar los , que consiste básicamente en lanzar peticiones al servidor web de forma masiva hasta colapsar el mismo. PfSense Open Source Firewall Distribution - Home.

Get IPCop Firewall. Solaris Security Toolkit. 2.  Managing Machine Security (Overview) (System Administration Guide: Security Services) - Sun Microsystems. Product Downloads.