Nmap 5.0 has been released, with a bunch of improvements: look at the changelog.
Tag Archives: Security
Windows Vista memory protection: defeated?
It seems so, at least according to what some researchers showed at the Black Hat conference.
Mark Dowd (IBM) and Alexander Sotirov (VMware) found a way to bypass the memory protection implemented in Vista and inject malicious instructions into Internet Explorer. They were able to copy any content wherever they wished on the disk.
In particular, this paper will make interesting reading, even if it is not as simple as they say, at least for me.
How-to: Mod-security 2 set-up for Apache 2
Mod-security is a security proxy for Apache. It adds a front layer that filters unwanted clients, malformed packets and malicious requests.
It is especially useful if your website is dynamic, involving PHP, SQL, JavaScript, etc. With such a complex environment, since you can never be sure that your website is not vulnerable or up to date enough, something like mod-security provides a worthwhile extra security layer.
The SSL/SSH disaster
Due to the security hole recently discovered in Debian, which has also affected various distributions for 2 years, of course including Ubuntu, I simply closed all my SSH and OpenVPN accesses.
I have had no time so far to check all the keys on my server. I prefer to stay on the safe side, though I have some reason to believe that my keys might not be vulnerable: I generated them a long time ago, maybe before the Debian maintainer's sad mistake.
It is going to be pretty easy now, for those who are motivated, to get access to SSH servers running keys generated during the last 2 years…
I recommend this article, which summarizes the situation pretty well. You may also use this tool, which checks whether your keys are vulnerable:
$ perl dowkd.pl file ~/.ssh/*.pub
I find it funny to think that I chose to use certificates for security (to avoid brute-force attacks).
What is less funny is the pure disaster for the reputation of Debian.
I already noticed in the past that some companies switched their servers from Debian to Red Hat because of such security problems. They complained that some security holes were patched much too slowly and about the lack of official support to rely on in such a crisis.
This kind of news is not going to reinforce companies' trust.
I myself will think twice in the future about which system to use when I design my networks.
Cold boot attack, not a threat to Full disk encryption (FDE)
Since the new cold boot attack is in the news, affecting most software encryption solutions, I have wondered whether it also has any chance of affecting hardware encryption.
Hardware encryption is provided by a few laptop makers, generally on high-end and business models.
It has much less performance impact than software encryption, and protects the data independently of your system configuration and its partitions.
Full disk encryption is the so-called hardware encryption technology used by Lenovo on my ThinkPad.
SinFP, part II: comparison with Nmap 4.20
Here is the update of my previous test of SinFP.
I then compared the output of SinFP and Nmap on different machines, and found that SinFP did a slightly better job than Nmap at OS detection, though OS detection is not the primary goal of Nmap whereas it is SinFP's.
However, I made a mistake that the author of SinFP made me aware of.
I conducted the Nmap tests using the package of my distribution, thinking it was the latest one.
Actually, it was only version 4.10. Moreover, the current version, 4.20, brought a new OS detection engine.
Therefore, a new test with version 4.20 was absolutely needed.