Tag Archives | Security

Linux Ninja Tux

Linux : Modsecurity concurrent log analysis

It’s been a crazy few months with work and family, but following on from the modgrep modsecurity serial log analysis article a few months ago,we’re back with another instalment for modsecurity users who use the concurrent logging format. Anyone who uses modsecurity will know that concurrent logging creates a lot of files and directories. Essentially, […]

Linux Ninja Tux

Linux one-liner to detect Symlink Attack on web server

The symlink attack is an old favourite and still very much prevalent. This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users. The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases […]

Every kept a password on a postit note?

Seven ways to improve small business security

I’ve worked with many small businesses over the years, and it’s probably fair to say that most view I.T. expenditure as a necessary evil. While a growing number of e-commerce businesses take greater care, small business security is often woefully neglected. Small business security statistics The cost of allowing unwelcome guests into your business computers can be […]

Linux Ninja Tux

Kali – NMAP MaxMind GeoCity Lite Database Bug

Symptom : Looking up the location of IP addresses using Nmap fails when using the MaxMind GeoLocation script ip-geolocation-maxmind. Installing the Nmap MaxMind GeoCity Lite database in Kali (1.0.6)

OK, so now we try to use the database:

The result?

So, running with the -d debug option

We get

Checking […]

rescue

2014 Bootable AntiVirus Roundup

Bootable Antivirus – the only way to be sure There really is no excuse for not having some form of antivirus software installed on your PC. There are a plethora of free offerings out there from all the big names. They are all pretty good at carrying out manual scans, and real-time protection of your […]

duowp

WordPress Two Factor authentication with Duo Security

Single factor authentication is a risky business. It relies solely on something-you-know. If someone else obtains that information, then they can authenticate into your system. Two-Factor Authentication (TFA) relies on something-you-know AND (usually) something-you-have. The something-you-have (normally a phone, or dongle from the bank) provides a second authentication token that changes constantly. Without being in […]

windows_password

Easily reset a forgotten Windows password

Windows password recovery is something you’ve probably wanted to do at some point. Maybe you’ve tried to login to an old computer that’s not been used in a while, or maybe you just managed to enter the same typo twice without knowing it when changing your password. If you just want to get back in […]

fbdead

Facebook email death may result in spam

A little known feature of Facebook is the Facebook Email service they launched back in November 2010. Today, the @facebook.com service is biting the dust and Facebook has started to notify users that email sent to their @facebook.com address will be forwarded to their primary login email address instead. If you don’t have a primary email […]

gotofail

iOS Update covers critical Apple iOS and OSX SSL vulnerability

Apple has released an iOS update for iOS6 and iOS7, the operating system used by iPhone and iPad devices. Due to what looks like a programmers typo a serious flaw has been revealed in the way SSL connections are verified. This is no small thing as security bugs go, and Apple are undoubtedly highly embarrassed […]

Endless Geek

Android exploit threatens millions of phones

An exploit for a vulnerability in Android versions prior to 4.2 (Ice Cream Sandwich) that affects around 70% of all Android devices has now been published with the Metasploit penetration testing framework. Metasploit is a tool used by security specialists when testing the security of software and operating systems. It’s also free, which means that […]