detect mac flashback

to detect the mac flashback virus (courtesy of cnet.com)

How does it work?

The Flashback malware injects code into applications (specifically Web browsers) that will be executed when they run, and which then send screenshots and other personal information to remote servers.

First step: Exploiting Java When you encounter the malicious Web page containing the . . . → Read More: detect mac flashback

ossec clear database

To delete all currently stored alerts and related data in the ossec database execute these commands in

MySQL Editor:

truncate table alert; truncate table data;

Bash Script: #!/usr/local/bin/bash # #Stop ossec, remove old alerts, start ossec

echo “stopping ossec”

/var/ossec/bin/ossec-control stop

echo ‘TRUNCATE TABLE `alert` ;’ | mysql ossec . . . → Read More: ossec clear database

Secure Apache ServerTokes and ServerSignature directives

There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is . . . → Read More: Secure Apache ServerTokes and ServerSignature directives

Install OSSEC local on Ubuntu

 

Download files wget http://www.ossec.net/files/ossec-hids-latest.tar.gz wget http://www.ossec.net/files/ossec-hids-latest_sum.txt Check the MD5 or SAH1 to make sure they are legit (Don’t skip!!) md5sum ossec-hids-latest.tar.gz cat ossec-hids-latest_sum.txt Extract the files from the tar tar zxvf ossec-hids-latest.tar.gz Cd into the directory and run the installer ** cd ossec-hids-latest/ ./install.sh If you are not running a local install make sure . . . → Read More: Install OSSEC local on Ubuntu

check your website for vulnerabilities

How do you check your website for vulnerabilities for free?

Check out these sites that provide free vulnerability scans:

http://wepawet.iseclab.org/index.php

http://sitecheck.sucuri.net/scanner/

fseek() expects parameter 3 to be long os_lib_alerts.php SEEK_SET

to fix this error: fseek() expects parameter 3 to be long os_lib_alerts.php SEEK_SET

Line 842 in os_lib_alerts.php Reads:

fseek($fp, $seek_place, “SEEK_SET”);

It should actually be:

fseek($fp, $seek_place, SEEK_SET);

Detecting Alternate Data Streams

Let’s get started detecting streams (ADS)

What is an stream?

An stream is essentially a hidden file within another file (.txt, .jpg, .mp3, .exe, etc)

Why should I care?

Files can contain malicious streams and compromise your machine

Creating an stream

Open up command prompt and run this in a directory

echo ‘the password is . . . → Read More: Detecting Alternate Data Streams

Secure Scalable Storage Solution

Names You Need To Know in Data Security: Cleversafe

http://www.forbes.com/sites/benkerschberg/2011/09/30/names-you-need-to-know-in-data-security-cleversafe/

This article is about a company called Cleversafe that has created a secure and redundant way to store enormous amounts of data. The article also explains why this technology is needed; RAID storage does not scale and is more prone to failure. Cleversafe’s storage . . . → Read More: Secure Scalable Storage Solution

detect php backdoor

how to detect php backdoor ?

(Note content is from http://25yearsofprogramming.com/blog/2010/20100315.htm)

Website security: How to find backdoor PHP shell scripts on a server

This is supplemental information for a series of articles that begins at:

Website security: what to do after your site is hacked, and how to prevent it

Although the article below looks . . . → Read More: detect php backdoor

how to browse web securely

i just read a great article on how to browse the web securely with his creation of the “Secure Browsing Environment”.

The author shows you how to:

Spin up your own linux virtual machine instance of WattOS Set up shared vm folders Install/configure: ClamAV OpenDNS (prevent phishing attacks) ISnort In-Line/Oinkmaster/Swatch alert scripts Chrome and Firefox . . . → Read More: how to browse web securely