Security :: Attackers Now Using Honeypots To Trap Researchers?
Nov 5, 2010
Quote: Attackers are constantly changing their tactics and adapting to what the security community and researchers are doing, and it's not unusual for the bad guys to adopt techniques used by their adversaries. The latest example of this is a malware gang that has deployed what amounts to a honeypot designed to monitor the activity of researchers or other attackers who try to access a command-and-control server.
View 1 Replies
ADVERTISEMENT
Nov 10, 2010
With the disappearance of an OS monoculture, attackers would do well to find attacks that are neither OS or application specific. One way to do that, of course, is to target attacks at hardware, rather than software. Now research out of Frances Ecole Superiore d'Informatique, Electronique, Automatique (ESIEA) moves a step closer to that goal: identifying a method for isolating the processor used by anonymous systems for the purpose of subverting that hardware.
View 2 Replies
View Related
Sep 2, 2010
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
View 10 Replies
View Related
Jun 8, 2011
here is my mail log I have setup virtual hosting with postfix and courier examples from my maikl.info file
Code:
8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=arthur, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=ashley, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGOUT, ip=[::ffff:95.31.15.64]
[Code]...
View 5 Replies
View Related
Jul 20, 2010
Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations.New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded.
View 9 Replies
View Related
Aug 29, 2010
I would like to learn the right way, or some neat technique, to discover why a compiled-from-source application just unaccountably quits. it it easy enough to discover that the pre-compiled version from Ubuntu does work just fine. My motivation is to explore, and maybe try to modify it a little for myself.
At my level of programming expertise, I have often used the "sh configure, make, make install" route; and sometimes made small changes to the code eg. changing a window size and similar. C and C++ tutorials teach the main rules, but I am no expert at classes, structures or obscure expression tricks.
The application is a QT type called "qantenna", used for electromagnetic simulation of antennas. The source I downloaded from SourceForge. Although a KDE application, the repository version seems to run just fine on my Ubuntu 9.10 Karmic (soon to become Lucid), on its Gnome desktop.
The compiled version behavior is that the main window opens and runs OK, with the GUI view operating with fully alterable views. As soon as a valid antenna file is loaded, the whole application instantly quits.
How does one deal with an application that gives no chance to catch it doing things wrong?
View 14 Replies
View Related
Nov 21, 2010
Code:
#!/bin/sh
onexit()
{
echo "Error At line - $1"
}
[Code].....
What I want to do is to make the onexit function to handle any generic error that comes during script execution. I am not thinking about using 'set -e' since it will cause a quick exit. I did 127, because I wanted my script to handle atleast the command not found error. I am not thinking about handling any interrupt or any other signal at the moment.
View 10 Replies
View Related
Mar 4, 2011
I'm trying to get SNMP setup so I can send custom snmp trap messages. I followed this "How to" [URL] and I think I have it setup and working. This is my fist time messing around with SNMP, and I don't know where to check to see if I received the trap message. Do the snmp trap message even get logged any where?
View 1 Replies
View Related
Jun 16, 2010
#!/bin/sh
trap "echo Haha" SIGUSER1
echo "asit"
count=1
while [ $count -le 10 ]
do
echo "Loop #$count"
sleep 10
count=$[ $count + 1 ]
done
echo "This is the end"
Why this is showing following error?
trap: 3: SIGUSER1: bad trap
View 4 Replies
View Related
Oct 15, 2010
how an agent itself generate trap on some particular situation arises
View 1 Replies
View Related
Jul 3, 2010
how can I configure snmp and snmptrap to receive a trap when the used disk (/home/linux) is 20%
View 1 Replies
View Related
Mar 27, 2010
I wanted to know is there any way to send a content of a file as snmp trap with snmpd agent of linux?
View 3 Replies
View Related
Mar 16, 2011
I want to generate snmp trap when cpu usage is high..me how to configure snmpd.conf....to generate this trap...
View 2 Replies
View Related
Jan 8, 2011
In cisco 6509 switch port 1status is being traped it is showing "SNMP CRITICAL - *down(2)*"
View 2 Replies
View Related
Nov 8, 2010
I have a function in perl which I want to use trap all errors a script ocurs which the script does not explicitly handle. These errors are then logged to various places. So I tried to use a eval block but the problem I have is sometimes if you put a die statement in the evaled script it doesn't get handled. What I have so far is:
[Code]....
View 4 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Jan 19, 2010
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Jan 17, 2011
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
View 9 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Mar 3, 2011
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
View 2 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies
View Related
Feb 3, 2010
Is there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
View 9 Replies
View Related
Mar 29, 2010
Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center
IBM Internet Security Systems
Symantec Threatcon
McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
View 2 Replies
View Related
May 29, 2010
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
View 2 Replies
View Related
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
View 5 Replies
View Related
Feb 28, 2011
When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies
View Related
