Slashdot Mirror


User: konduct

konduct's activity in the archive.

Stories: 0
Comments: 6

Comments · 6

  1. mod_security evaluation by Tegatai Systems on New Apache Module For Web Intrusion Detection · · Score: 1

    Tegatai Systems has been using mod_security in its development labs recently. It has been determined through white and blackbox testing that mod_security needs more work before it will be stable enough for widespread production use.

  2. Re:you're surprised? on FSF FTP Site Cracked, Looking for MD5 Sums · · Score: 1

    I beg to differ. Do you know how many backdoors are in Microsoft products? Not many people do. In fact, I doubt anyone knows of all of them. The counter-argument against closed-source commercial binary-only software products is that it's harder to find binary backdoors than it is to find them in source code, even while using disassemblers and debugging tools. This compromise could have been prevented.

    Take FreeBSD for example. Sure, their mirrors may have been compromised in the past, but they have a solid architecture designed for managing a centralized repository. Only a very select few people have access to that system. You can bet that the ftp.gnu.org box had tens or hundreds of local accounts. The hackers might not have even directly compromised ftp.gnu.org. They could have hacked a workstation belonging to a developer, and worked their way back into that machine by trojaning ssh, storing the login/password information and logging in from a bounce-point.

    Obviously the guys that hacked the machine understand the blackhat value in having complete and unfettered control of that server and its data. When the next vulnerability is discovered in the services provided by any FSF servers, you can bet these guys will be back with a vengeance. What blows my mind is that the GNU/FSF crew don't have backups of the MAIN DISTRIBUTION SITE.

  3. you're surprised? on FSF FTP Site Cracked, Looking for MD5 Sums · · Score: 1

    Once again, it should not come as a surprise that ftp.gnu.org was compromised. Hackers target centralized source code and binary distribution sites. That way, they can backdoor 200,000 birds with one stone. cvs.openbsd.org was hacked last summer too. My advice: build everything from source.

  4. break-ins and being newsworthy, the fbi and you on Consumer Database Company Hacked · · Score: 1

    This isn't news -- it's a daily occurrence. However, netizens and hackers find break-ins newsworthy when the database is larger and/or more sensitive. The greater the target's security investment, the greater the challenge. You can bet that copies of this database have already been tarballed, bzipped and scp'd to 50 countries.

    If you place first in a 500 lap race, there is more associated with that victory than a shorter 100 lap race. Why? Time investment necessary to be victorious, equipment and bandwidth required. Concentration needed. Similarly, if a company has stateful inspection firewalls, network and host-based intrusion detection, regular vulnerability assessment and a proactive group of sysadmins and security experts protecting the network -- and you can still break in -- that's newsworthy. Good examples of truly newsworthy break-ins would be Yahoo! News Hacked, and FBI Investigating Qualcomm Hacker.

    Here we have an article about yet another internal employee that was laid off and screwed around with the databases in retaliation (YAIETWLOASAWTDIR). Sure it's a problem, but it is not insurmountable. Just how common is this problem? Check out my recent blog entry, "Sacked staff turn to sabotage because they still have access."

  5. ipv6 tunnel brokers on IPv6 Tunnel Brokers? · · Score: 1

    We have been providing IPv6 tunnels for our secure managed hosting customers for a while at no extra charge. For more info check my blog post: Tunnel Brokers and The Current Status of IPv6 Support for Networking Applications. If anyone wants to see how we did it, just shoot us an email. =)

  6. the material in this book is nothing special on Linux Security Cookbook · · Score: 1

    The topics covered in this book are typical and there is not much new unique material inside. It is more valuable (not to mention free) to spend a few days reading Linux security howtos, mailing lists and manpages.