Domain: alertlogic.com
Stories and comments across the archive that link to alertlogic.com.
Comments · 5
-
TCP port 445 screening, Metasploit, Alert Logic
A first-pass screening test is to see if TCP port 445 is open. Most hosts will have 445 blocked by the firewall, thereby providing a degree of protection for the vulnerable SMB.
If 445 is open, that does not mean the host is compromised, but it is likely to vulnerable. This Metasploit module is one check that can be run:
https://github.com/rapid7/meta...
More information can be found on the Alert Logic blog and our various teams will continue to post there and elsewhere as more information is made available.
https://www.alertlogic.com/res...I know Alert Logic has other resources posted elsewhere, but unfortunately I don't know the exact URLs off hand. My team sends technical details to another team, who aggregates it with information developed by other teams, then they forward it to the PR people who post it for you to read, with other, more detailed information provided to customers. So personally I only know where I send the information internally, but not where you can read all of it.
-
Some of the same security services, others waiting
Google's cloud has some of the same security services that are popular on Amazon, and others can be deployed whenever more customers want them.
As an example, several security services that you can buy through Amazon are actually provided by a security company called Alert Logic. Alert Logic announced support for Google Cloud in 2014:
https://www.alertlogic.com/pre...
You can bet that as Google Cloud manages to get more market share, companies like Alert Logic are ready to deploy more services to Google Cloud. They have stuff in the pipeline, awaiting completion whenever their customers ask for Google support.
-
the need is already served. Weekly threat reports
This also isn't really a case of balancing the pros and cons. The justification is to allow private business to share information about emerging security threats. Just like Alert Logic's existing weekly threat report, which they manage to produce without any legislation or special protections from privacy laws:
https://www.alertlogic.com/res...They also manage to do longer term analysis and share it, without revealing personal information:
https://www.alertlogic.com/res...There are of course many other companies and organizations already compiling and sharing information about emerging threats - no special laws required.
-
the need is already served. Weekly threat reports
This also isn't really a case of balancing the pros and cons. The justification is to allow private business to share information about emerging security threats. Just like Alert Logic's existing weekly threat report, which they manage to produce without any legislation or special protections from privacy laws:
https://www.alertlogic.com/res...They also manage to do longer term analysis and share it, without revealing personal information:
https://www.alertlogic.com/res...There are of course many other companies and organizations already compiling and sharing information about emerging threats - no special laws required.
-
Re:Quite possibly the stupidest vulnerability ever
"Oh no, Linux includes a "wheel" user group by default that grants superuser privileges to users in it! And someone could possibly add themselves to that group and gain root access!"
Actually, wheel doesn't grant superuser by default. Being in wheel + installation of a *non-stock* sudo = superuser. Being in wheel and knowing root's password = su superuser. Wheel group != admin, despite what some distros would have you believe.
That wheel == administrators is a bad, poorly documented assumption on the part of the polkit+packagekit authors. The original group writing the original report about the issue were able to install software as root without a prompt and without knowing a password. This is significantly different from typing a sudo password, despite what polkit/packagkit people would have you believe. If you read the original post (they used this as part of an audit/pentest where they couldn't do anything else successfully), polkit+packagekit opened the door to the system.
Polkit gave up root where sudo, su, and other "wheel" tools didn't. So is this a wheel problem, or a pol/packagekit problem? In a properly configured system, wheel grants nothing more than the *access* to the admin tools; authentication and authroization are supposed to come later. The idea that wheel group automatically == root is a relatively new and dangerous development.