Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser. I use GRC's Shields Up when I have a GUI, but I want a scan ran on my website that runs Ubuntu 8.04 server on a hosted VPS.
View 5 RepliesSo yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?)So I quickly check what versions I have installed. Yup: Vulnerable.I check whether updates are available.These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?
View 9 Replies View RelatedI noticed that when typing in your password after locking the screen or a screensaver, the program focussed behind it is able to catch the input...
This sounds like a huge security risk to me, is there anyone who can test this? (Only noticed with game in wine, perhaps you need low level xorg access)
I i've virtual machine that is running BackTrack4r2. I need to use the built-in tool Metaspolit in bt for assessing the security and vulnerability in websites The prob is that i dont have any about the Metaspolit tool.
View 10 Replies View RelatedI decided to report what happened me lately so that someone more clever could find the hole in the latest ubuntu. So: I have a machine connected 24/7 on high speed network. i had karmic on it. i ran openssh and apache2 (without any mod, plain apache2) on it. In addition i ran firefox, ktorrent, and amule on it. Nothing else. The system didnt have any rule in iptables.
Recently chkrootkit signaled a SuckIT rootkit in the system. I was scared, i googled for it and i saw that on ubuntu this actually happened and it was a false positive. Ok, i kept going. Yesterday i nmapped myself and i found an open port around 64000 that i couldnt see with netstat -atpnl so i concluded i was actually infected and erased the drive and tried to install lucid alpha2 so, one day of lucid,
- with a firewall this time that let open only the port 22 and 80 from internet
- with only openssh as service (no apache2)
- ran firefox3.6 , ktorrent and amule , nothing else
chkrootkit didnt find anything
debsums reported
debsums: changed file /sbin/initctl (from upstart package)
i did an apt-get install --reinstall upstart and that file didnt warn anymore. So i concluded there must be some kind of vulnerability either in
a) firefox
b) ktorrent
c) amule
Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian.A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account.I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart himIs he lying, or is it for real? if it's for real, how do I go about changing it so that it can't happen anymore?
View 5 Replies View RelatedI ran across this problem when I used checkinstall and then tried to extract the contents of data.tar.gz (which you can find inside any .deb).tar has an option to extract the contents of a file in a given directory.From tar's manpage:
Code:
-C, --directory DIR
change to directory DIR
[code]....
Quote: Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssls3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.
View 1 Replies View RelatedI have a Cent OS dedicated server, not sure what version though as I'm new to Linux. How do I find out what version I have? Is there an anti virus or security package that I can install on my server which can use Cron Jobs to do a scan every 12 hours.
View 7 Replies View Relatedi have a hp 6500 e709a printer. have configured for network printing and would like to use the scan facility.i have tried to scan from the printer but it does not find the computer. the hp documents mention advanced firewall information on incoming udp ports and tcp ports etci believe it is with my machine as my son has a windows box with the hp software and i have managed to scan from that machine.
View 4 Replies View Relatedusing ubuntu and the corporate edition of open dns? >Im curious to find out how the anti malware filtering works in open dns works.
View 4 Replies View RelatedIf I forward port 5764 to port 80 to my VOIP device, I can nmap and get a proper connection. If I forward port 5764 to port 22 to my server, it comes up filtered. It even happens if I try forwarding port 80 to my server. So I'm sure it has something to do with my server, but I'm not sure.Here's my Linksys iptables:
Code:
:wanin - [0:0]
-A FORWARD -i vlan1 -j wanin
[code]....
I'm running Kubuntu Karmic Koala 9.10. I just got a no-name USB webcam. It works fine under Windows. Under Linux the behavior is odd and a little frustrating. xsane does recognize it, but when I attempt to preview it or scan, I get the message "Failed to start scanner; invalid argument". Under skanlite, I can scan an image but if I attempt a preview, skanlite generates an internal error. The USB code is...
Unlike the other USB devices, no name shows up.
I'd like to use this device under Skype, but the Linux version of Skype doesn't provide any way to test whether the device works or not. Windows does provide such a test (via Welcome), and the webcam works correctly there.
How can I civilize this beast?
Was wondering if anyone can explain briefly the relationship of "cache" and free memory in the "free" memory command.
View 2 Replies View RelatedI've got a question on free disk space. I'm currently running CentOS 5.5 on in Xenserver virtual environment. We've had an issue with disk space. My question is as follows: - from a ssh connection i run df -h this gives the value of 90% used leaving me with 9GB. If I use system monitor via a VNC connection the free disk space value is 20GB free on the same volume. Which one is correct? I do use SNMP to monitor the same volume and should alert me when < 10% is free I know this works as I set the alert threshold to < 90% I get an alert.
View 2 Replies View RelatedI've read that there are a lot of rootkits that exist for linux. MS Windows has tools where you can boot a "portable" scanner from a CD and scan your whole Windows installation for rootkits. This way you can even scan boot sectors because you are never actually starting your installed Windows.
Is there anything available like this for Ubuntu? Is there a scanner I can run off the LIVE CD for example to scan my ubuntu installation for rootkits?
I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04 . I have just installed Klam AV and had it scan my computer . I was surprised to find that it had found two 'viruses' . I don't know if anyone can help me in finding out if they are real or only false positives . The following is the output that I received .
Name of File
/usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4
Name of Problem
Heuristics.Broken.Executable
Status
Loose
Does anyone know if this is a problem.
I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from 1. Home Directory 2. Entire system and 3. Selected folders. What are the options available to scan only selected drive. OR How to scan only USB stick.
View 2 Replies View RelatedI mean something like Teamviewer so i can click-click and be there in no time, without knowing my IP (it's dynamic so that's a toughy, when i was using VNC i had to write a crontab script that uploaded my IP to a place i could always access every hour). Looked trough tons of apps, Googled for hours, found nothing.
View 4 Replies View RelatedI've installed ClamTK on my Kubuntu 9.10 installation, since it's connected to a Windows7 machine.When I ran a scan, it found 9 'viruses', but they are all within my home directory > Opera/mail/store and are either status Phishing.Heuristics.Email.SpoofedDomain OR HTML.Phishing.Bank-593.I recently synced my Hotmail into Opera, so I checked the corresponding dates in my Hotmail account and deleted the emails which I thought were related, however, after clearing down my Opera history, etc., re-booting my PC and re-scanning, the results are the same.How do I clear down these files?
View 1 Replies View RelatedI'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?
View 3 Replies View RelatedI use clamtk to scan flash disk. It says the engine is out of date. What do I do to update it?
View 1 Replies View RelatedI am a newbie in ubuntu. I did clamscan on my ubuntu /, and I got the result message as follow. it shows "486 errors" I am wondering if the result is OK or I need to do some action on it.
Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)"
Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" can not upgrade the engine to 0.97. I understand 0.97 is still on testing. I am wondering if I can just stay with 0.96.5 and wait for the 0.97 passing all tests. if so, does it cause any security issue?
I have used ubuntu in the past but had a lot of hardware issues with it and unfortunately moved back to windows (( BUT i have tried Ubuntu again and all seems to work great except wifi My wifi connection is sort of working because when i run SUDO IWLIST SCAN it does pull up all available networks. But in the network manager icon on the panel i left click but i see no networks and can't connect to anything. I WOULD LOVE TO keep Ubuntu and use it permanently but I must get wifi working or else this won't be possible.
View 4 Replies View RelatedDoes anyone knows good commercial or non-commercial antivirus software that runs on ubuntu 10.04 and that works with the samba v-scan module? I was thinking about Avast, but I'm not sure it works with samba v-scan. Also I'm not sure it is possible to install the avast server edition for linux on ubuntu 10.04.
View 6 Replies View RelatedI use my ubuntu laptop at work and connect a lot of usb pen drives to my computer. Everyone else I work with use windows and I want to make sure that the usb pen drives don't contain any windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned with they are inserted in my ubuntu machine. How to do this?
View 2 Replies View RelatedI know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
View 5 Replies View RelatedSo I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.
Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case?Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.
How do I scan a windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. First Windows computer to scan has Windows XP Home Edition Second Windows computer to scan has Windows Vista Home Basic I have Avast 4 workstation and KlamAV insalled on it. What is the steps to make my computer scan those windows computers. And how do I set up my firewall to work with firefox and empathy?
View 5 Replies View Related