Wednesday, August 26, 2009

Even legitimate-appearing ISPs can be bad

This article showed up on slashdot today:

http://tech.slashdot.org/story/09/08/26/1614206/Legitimate-ISP-a-Cover-up-For-a-Cybercrime-Network?art_pos=3

It looks like you can't even trust what appears to be a legitimate ISP. The really scary part is the DNS hijacking since lots of people trust their ISP.

Cheers,
Dave

Monday, August 24, 2009

Quick "how to" on my gmane posts....

I just realized that it isn't at all obvious how to get to the rest of the discussion thread from my gmane posts from the CentOS mailing list. If you click on the post's subject, it's a link to a threaded view of the full discussion. Once you get to the threaded view you can also navigate to other discussions.

Cheers,
Dave

Sunday, August 23, 2009

Beware of phpMyAdmin

If you ever end up working on a web site that is being hosted by a hosting service, you will probably get stuck with phpMyAdmin as the means of remotely administering the site. The following thread, again from the CentOS mailing list, gives a good discussion as to why this isn't a good setup:

http://article.gmane.org/gmane.linux.centos.general/81345

There is also a discussion of some of the alternatives but the bottom line is that there aren't any really good alternatives. The best is to get secure shell access (ssh) and then do your admin work from the command line but there are quite a few people who are intimidated by the command line. SIGH.

Cheers,
Dave

Friday, August 21, 2009

Other resources

I subscribe to the CentOS (CentOS is a free clone of Red Hat Enterprise Linux) mailing list as a way to keep up with what's going on with CentOS and because I learn something just from reading about the problems that others have run into and gone to "the list" to get help or solutions. The following thread showed up in today's mail concerning how to prevent brute force attacks against a server that allows secure shell (ssh) logins:

http://article.gmane.org/gmane.linux.centos.general/81276

There are a few other threads that are current (e.g., "How can I tell if I've been hacked") as well as other discussions.

Besides just this particular mailing list, Gmane provides archives for pretty much any significant mailing list on the Internet. I'm sure there are other lists that would be useful if you have the time to keep up with the list traffic. As with the thread I specified above, an appropriate mailing list is a great way to get help with a particular problem. The only downside is that lists that will get you a quick response generally have enough traffic to swamp you, while low-volume lists mean you might not get a response ever or at least in the time frame that you need.

Cheers,
Dave

Thursday, August 20, 2009

CNBC on DoS Attacks and Computer Security

Here is the CNBC video segment I mentioned in class. Not unexpectedly, they emphasize the economic impact of computer security and DoS attacks against social networking sites in particular. While some of the numbers included were of interest, I found the very fact that "mainstream" media such as CNBC would devote a prime time (while the markets are open) segment to computer security to be interesting.



They also note that thwarting such attacks isn't just a question of buying enough hardware, software or a big enough pipe. They point out that having the right people was instrumental in allowing several major government and financial sites to weather a similar attack earlier this year.

Cheers,
Dave

Wednesday, August 19, 2009

First Post!

This is a test. This is only a test. Had this been a real post I would have actually had something to say.

Dave

About Me

B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.