So my DWL-G550 arrived today.”D-Link DWL-G550 High-Powered Wireless-G PCI Adapter” (D-Link Systems, Inc.)I threw it into the system and it powered up and loaded the correct Atheros drivers…. (Personal meaning you’re not running a authentication service like RADIUS, EAP or LEAP (which is just another kind of LEAP by Cisco), or 802.1x, but using PSK [Pre-shared Key] or a certificate.Second, now that you have your /etc/wpa_supplicant.conf configuration figured out from reading the instructions or from that link I mentioned.
With much press release fanfare, WabiSabiLabi has announced that it is to be a marketplace for exploit development.Some particularly funny mentions:Q: I don’t want to give you my personal data. Is there any other way I can partecipate to the marketplace?A: No.
Jeremy Schoemaker asked me to write up a little something regarding the recent string of SEO web defacements for a non-technical audience which he posted in his blog.The SEO industry is very focused on being SEOs.Like many professionals, many attempt to avoid time consuming activities that are not core to their business…. This is a perennial theme of information security writings and I myself have touched on itWeb defacements are nothing new, but the media attention to SEO superstars is notable and makes their online presence an attractive high-value target. The recent mass defacement of SEO wordpress blogs that was launched from a technical adversary using tor is an example of what has become a not uncommon occurrence.What can SEOs, and bloggers in general, do to lessen the risk of public embarrassment from defacements, hacktivism, and information leakage?… (For example, the bugfix for Wordpress v2.0.6 addressed a correction for those webservers that had left register_globals set to “on.” Not recommended in the first place.)Hardening the web services themselves with security modules.Use of a NIDS or HIDS that will actively block or alert upon detection of questionable behaviors.All of these methods involves time and resources that could best be applied to doing what they do best, in this case, being a SEO.
Hi Marc-not-Marcus,I wanted to give you some feedback on your presentation this evening atthe ISSA because, frankly, I was a disappointed with some of yourconclusions.First, the whole “the internet is an organism” concept of virus andmalware propagation.Lots of people have said this which, I suppose, makes it a kind ofconventional wisdom speaking point. I don’t agree with it and I’ll tellyou why. It centers around the recurring commentary that many in ourindustry have spoken about regarding shoddy software devdelopment.
Hacktivism and corporate culture seem to be more at odds than ever.
Some news out in Apple vulnuribilities today.
up2date has rollback capability and is already installed on all RHEL [RedHat Enterprise Linux] servers All that would be required to centrally manage a RHEL environment would be to push out an updated config file for up2date and point it to a central repository.Both yum and up2date are just front-ends for rpm management and operate with all the same mechanisms.
…There may be some yum client options available that up2date does not have, but I have not been able to find any examples.Other matters:Repository can be managed with such tools as:- Current: http://current.tigris.org/ This can manage yum, up2date, and apt archives and allows granular control and automation.- Repository setup examples for a variety of methods:http://www.xades.com/proj/fedora_repos.htmlhttp://dag.wieers.com/home-made/apt/FAQ.phpI believe that the best option at this point would be to: – make a repository for all supported platformso make groups for different linux server profiles§ oracle§ webservers§ othero automate updates to linux§ establish rpm testing/certification environment§ have all clients check for updates in a DHL tested repository for regular updates· cron “up2date –u” on a weekly/daily/monthly/quarterly basis§ update repositories with tested updates for each server group.- Configure stock RHEL installations to update from internal sourceso make an rpm of a custom up2date config for RHEL 3 and 4- Document process for rpm rollback for operations in case of update QA failure- Get buy-in from operations and enterprise security management on the update and QA process to be performed in regularly scheduled maintenance windows.