Monday 21 June 2010

ICANN publishes report on seedy registrars

posted by Daniel Foster in: Domain Sales Security Cyber Crime


ICANN, which seems to be cracking down on rule-breaking registrars lately, has published a new report criticizing a number of well-known registrars for unwholesome practices.

Some of the firms mentioned in the document include UK2, Tucows, France Telecom, Enom and AOL. Among other things, ICANN lashed out against several of the registrars for misconfigured WHOIS servers that leave data open to hackers.

Enom came under fire for the services it allegedly provides to illegal online pharmacies. The report states that it “has transitioned from being a passive service provider to become an active facilitator of illicit criminal traffic, and possibly a knowing accessory.”

Read the full 96-page report here. Now that ICANN has called out these misguided registrars, let’s see the organization take some action.

Source | The Inquirer

Friday 18 June 2010

Server Attacked? Fight Back

posted by Tavis J. Hampton in: Security Web servers Software


Tehtri Security researcher Laurent Oudot has determined that most people who attack servers get their hacking software from freely available malware kits on the Web, rather than writing their own custom scripts. These kits often contain poorly written code that can itself be exploited.

What does all of that mean to you? Oudot says it means that you can fight fire with fire, turning the attacker’s own malware against him. The next time someone attacks your server, hacking the malware can reveal a trail of IP addresses that may even lead all the way back to the attacker’s personal computer.

Oudot admits that there may be legal issues if you decide to turn into a cyber-Batman, but says he demonstrated at the SyScan 2010 security conference in Singapore that it could be done, in order to “open new way[s] to think about IT security worldwide”. Right, Mr. Oudot. You just handed every victim a loaded gun and told them there may be “legal issues” in retaliating. Malware attackers, you’ve been warned.

Source: BBC
Photo: Flickr


How to Enable/Disable Root Login in SSH

posted by Tavis J. Hampton in: Security Web servers


Question: I have heard that enabling root login in SSH can be a security risk. Is that true, and if so, how do I disable it?

Answer: The truth is that having root logins enabled is not in itself a security risk. The real risk comes from having an easily guessed root password, or insecure web applications on your server that let an attacker recover the root password. Disabling root login gives those attackers one less avenue to exploit, and if you do not need to log in directly as root through SSH, there is really no reason to have it enabled.

Actually disabling the root login is not nearly as complicated as my above explanation. Just follow these steps:

1. Log in to your server via SSH
2. Become root:
su
3. Edit /etc/ssh/sshd_config
4. Add the following line:
PermitRootLogin no
5. Save and exit
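The same change as a script, added here as an example rather than taken from the original post. It edits whatever sshd_config path it is given (on a live server that is /etc/ssh/sshd_config), removes any earlier global PermitRootLogin lines so that the new directive is the first one sshd reads, and reads back the value sshd will actually apply. sshd only rereads its configuration on start or reload, so the `sshd -t` check and the reload in the comment are needed on a real host; the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): set PermitRootLogin no in an
# OpenSSH daemon config and confirm the value sshd will actually use.
# On a real host the file is /etc/ssh/sshd_config; the path is a parameter
# here so the functions can be exercised on a copy first.
set -e

# Print the global PermitRootLogin value in FILE, or ABSENT if it is never set.
# sshd keeps the first value it reads for a keyword, and everything after a
# "Match" line is conditional, so the scan stops there.
effective_permit_root_login() {
    awk '
        /^[ \t]*Match[ \t]/ { exit }
        /^[ \t]*#/          { next }
        tolower($1) == "permitrootlogin" && v == "" { v = $2 }
        END { print (v == "" ? "ABSENT" : v) }
    ' "$1"
}

# Rewrite FILE so that exactly one global PermitRootLogin directive exists and
# it comes first, so it wins over anything later in the file. Commented-out
# copies in the global section are dropped too, so no misleading line remains.
set_permit_root_login_no() {
    cfg="$1"
    tmp="$cfg.tmp"
    awk '
        /^[ \t]*Match[ \t]/ { in_match = 1 }
        { s = $0; sub(/^[ \t]*#?[ \t]*/, "", s) }
        !in_match && tolower(s) ~ /^permitrootlogin([ \t]|$)/ { next }
        { print }
    ' "$cfg" > "$tmp"
    { printf 'PermitRootLogin no\n'; cat "$tmp"; } > "$cfg"
    rm -f "$tmp"
}

# On a real host, after editing, validate before reloading (a syntax error
# would refuse every new SSH session), then tell the daemon to reread it:
#   sshd -t -f /etc/ssh/sshd_config && systemctl reload sshd
# (the unit is named "ssh" on Debian/Ubuntu; use "service sshd reload" on
# init systems without systemd). Keep your current session open until a
# fresh non-root login has been confirmed to work.

# Demonstration on a constructed sample config, not a real server's file.
sample=$(mktemp)
printf '%s\n' \
    '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' \
    'Port 22' \
    'Match User deploy' \
    '    PermitRootLogin no' > "$sample"
echo "before: $(effective_permit_root_login "$sample")"   # yes
set_permit_root_login_no "$sample"
echo "after:  $(effective_permit_root_login "$sample")"   # no
rm -f "$sample"
```

The sample shows why the ordering matters: the stock file often ships a commented `#PermitRootLogin prohibit-password` line, and simply appending `PermitRootLogin no` at the end would lose to an earlier uncommented `PermitRootLogin yes`, which is why the script puts its directive first.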

Photo Source: Flickr

Wednesday 16 June 2010

Bill could give United States right to seize Internet

posted by Daniel Foster in: Security


Senator Joe Lieberman has introduced a bill to Congress that, if enacted, would give the American government broad powers to direct Internet policy and seize control of critical infrastructure during emergencies.

Called the Protecting Cyberspace as a National Asset Act (PCNAA), this legislation could effectively give the government control over the Internet, because much of the Internet’s core infrastructure and many of its administrative bodies, including ICANN, are located in the United States.

All governments should take cyber security seriously, but I think Lieberman is going a bit far with this bill. I highly doubt the government could even effectively manage something as large and complex as the Internet by itself. How would it go about taking control in the first place? My guess is this bill won’t make it very far.

Source | The Register

Thursday 10 June 2010

Joomla Security Tips Part 4

posted by Tavis J. Hampton in: Security Web servers


Here are a few more Joomla security tips to help you make sure your Joomla installation is rock-solid.

1. Create strong passwords. You should change your administration password often and use a combination of upper and lowercase letters and numbers. Avoid using dictionary words, and make sure your password is at least eight characters long.

2. Monitor crack attempts. If you have your own VPS or dedicated server, you can run Tripwire or Samhain to check frequently for attempts to compromise your server’s security.

3. Create scripts to automate security tasks. With a busy schedule, you may forget to check for new versions of Joomla and any extensions you have installed. Set up scripts to make the process automatic.

4. Check logs often. Many times, simply looking over access and error logs can reveal thinly-veiled attempts to intrude on your server, particularly if the attacker is trying to do so through a web application like Joomla.

5. Run checks for SQL injection vulnerabilities. There are free tools on the web that will perform these checks for you.
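Tip 4 in practice, as an added example that is not part of the original post: a script that scans a web server access log for two patterns that stand out for a Joomla site, repeated POSTs to the administrator login from one address and a high 404 count from one address (a scanner probing for extensions that are not installed). It assumes the Apache/Nginx "combined" log format; the thresholds and the sample log lines are constructed for the demonstration, and the addresses are RFC 5737 documentation ranges, not real clients.

```shell
#!/bin/sh
# Added example, not part of the original post: flag suspicious clients in an
# access log for a Joomla site. Assumes the Apache/Nginx "combined" format.
# Two cheap signals: repeated POSTs to the administrator login, and many 404s
# from one address. The thresholds are assumptions; tune them to your traffic.
set -e

ADMIN_POST_THRESHOLD=${ADMIN_POST_THRESHOLD:-5}
NOTFOUND_THRESHOLD=${NOTFOUND_THRESHOLD:-10}

# Print "ip admin_posts not_found" for each client over either threshold.
# Combined-format fields: $1 ip, $6 "METHOD, $7 path, $9 status.
flag_suspicious_clients() {
    awk -v ap="$ADMIN_POST_THRESHOLD" -v nf="$NOTFOUND_THRESHOLD" '
        {
            ip = $1; method = $6; path = $7; status = $9
            sub(/^"/, "", method)                 # drop the opening quote
            seen[ip] = 1
            if (method == "POST" && path ~ /^\/administrator\//) admin[ip]++
            if (status == "404") notfound[ip]++
        }
        END {
            for (ip in seen)
                if (admin[ip] + 0 >= ap || notfound[ip] + 0 >= nf)
                    print ip, admin[ip] + 0, notfound[ip] + 0
        }
    ' "$1" | sort
}

# Constructed sample traffic: six admin login POSTs from one host, twelve 404
# probes for non-existent components from another, and one ordinary visitor.
make_sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "203.0.113.7 - - [10/Jun/2010:10:00:0$i +0000] \"POST /administrator/index.php HTTP/1.1\" 303 0 \"-\" \"Mozilla/5.0\""
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 12 ]; do
        echo "192.0.2.9 - - [10/Jun/2010:10:01:$i +0000] \"GET /components/com_probe$i/ HTTP/1.1\" 404 210 \"-\" \"scanner\""
        i=$((i + 1))
    done
    echo '198.51.100.4 - - [10/Jun/2010:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
}

# Demonstration: on a real server, pass the live log instead of the sample,
# e.g. flag_suspicious_clients /var/log/apache2/access.log
log=$(mktemp)
make_sample_log > "$log"
flag_suspicious_clients "$log"
rm -f "$log"
```

Run from cron against the previous day's log and mail the output, and the check costs nothing to keep up; the ordinary visitor in the sample is never listed because neither counter reaches its threshold.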

The important thing to remember is to always be diligent. Create a security routine and stick to it. Do not let months go by before you decide to check on your Joomla installation. You may find your site has already been compromised.

Source: Joomla Security Checklist

Anti-phishing domain assurance and email authentication auditing

posted by Alison in: Security Web Services

A new way of blocking unwanted emails through domain assurance and email authentication has been developed by reputation management services provider Return Path. Until now, anti-phishing email authentication measures were far from perfect, with some businesses reluctant to use them for fear of losing wanted mail.

The new Domain Assurance process developed by Return Path starts by auditing all of a company’s email streams to determine how they are authenticated, and then builds a registry of domains so that improperly authenticated email can be blocked. Companies receive automatic notices of any phishing or spoofing attacks on their brands, and ISPs can better protect their customers.

The service is currently available in Beta and is being provided through partnerships with Yahoo!, Comcast, Tucows and Cloudmark. The Domain Assurance service will have its commercial launch in the third quarter of 2010.

Source | TheWhir
Photo | Flickr

Wednesday 09 June 2010

Thousands of Fake YouTube Pages Deliver Malware

posted by Tavis J. Hampton in: Security


Want to see a revealing video about the Gulf oil spill or the NBA Finals? Apparently thousands of Web users do, and many of them are being lured to video sites that look just like Google’s YouTube. But rather than playing the videos immediately, clicking “play” prompts the user to install a “media codec”. When the users accept, their computers are infected with malware.

According to the eSoft Threat Prevention Team, there are now over 135,000 such sites sprouting up all over the Web, many of which can be found by a simple Google search. Because the sites look and feel like YouTube, many users will not check the URL to verify that it actually is the giant video sharing website.

The “media codec” that the users download is actually a trojan that infects the computer and can access sensitive data, even taking control of the entire system. Currently, only 8 of 41 virus scanners are picking up the new malware, although that will probably change as the threat becomes more widespread. People who are concerned about inadvertently visiting one of these sites should use web filters that will detect malware sites and warn them before allowing the browsers to connect.

Source: Infosecurity

Monday 07 June 2010

Security: Windows and Linux Executables

posted by Tavis J. Hampton in: Security Web servers


Servers handle command and application execution differently, depending on the operating system. From a security perspective, executable files should be tightly controlled. Only the server administrator should be allowed to install and run executables, and the server should not respond to file execution from within unauthorized directories.

On a Windows server, executable files typically have .exe, .com, or .bat extensions. Without question, any emails or other transfers that contain such attachments should be blocked. Many attackers have adapted to mail scanners that block those extensions and will instead send the executable inside a container with a different extension, such as a .zip archive, but what is inside is still an executable. You can decide what types of files to restrict and how to scan and monitor incoming files.

On a Linux server, any file can potentially be executable once it is given execute permission; standard executables have no file extension at all. This means you have to be extra cautious about unauthorized scripts. You can deny execute permission on any directories or partitions other than those owned by root, which greatly reduces the chances of an exploit succeeding. A Linux mail server will usually still receive Windows executable viruses intended for home Windows computers, so you should configure a mail scanner to detect and quarantine them.

Photo Source: Flickr

Friday 04 June 2010

Pakistan Facebook ban lifted

posted by Alison in: Security Social Networking

After protests over images of Islam’s Prophet Mohammad posted on a Facebook page, the Pakistani government banned access to the social networking site. The ban has since been lifted, the material deemed offensive to Muslims having been removed. The incident raises questions, though, over just how the Westernised internet intends to manage its interaction with non-Western users and pages.

Yesterday, we reported that the UAE has a new IDN in .emarat, which is a wonderful thing for non-Latin script users of the internet. However, relations between Westernised usage of the internet and that of emerging non-Western usage are still fraught over issues such as content management, security and censorship.

We previously reported on how IDNs could contribute to weaknesses in internet security, and how IDNs could also serve censorship, in the form of Russian concerns over Cyrillic scripted websites and information filtering.

The Facebook vs. Pakistan case is a less technical but interesting example of how internet access and content often expose the shortcomings of the internet in dealing with cultural differences, and the difficulties governments face in balancing freedom of internet use against their own agendas. For more on the decision to ban Facebook in Pakistan, see Miranda Husain’s Newsweek article.

Source | AP

Thursday 03 June 2010

More Joomla Security Tips

posted by Tavis J. Hampton in: Security Joomla Hosting Software

Yesterday, I highlighted some of the critical Joomla security issues that you should consider. Here are a few more you should add to your list.

All of these can be set in your own local php.ini (if your server allows it), rather than manipulating the global one for the server.

1. Use disable_functions to prevent the use of some dangerous PHP functions:
Example: disable_functions = show_source, exec, phpinfo

2. Use open_basedir. This limits the files PHP can open to the directory tree specified (e.g. your home folder):
Example: open_basedir = /home/webguy/www/html

3. Disable register_globals. Joomla will actually warn you if you have this enabled:
Example: register_globals = 0

4. Disable allow_url_fopen. This is used when you want PHP’s file functions to open remote URLs. You can probably imagine the dangers that would create if exploited:
Example: allow_url_fopen = 0
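A script that checks a php.ini for the four settings above, added here as an example rather than taken from the original post. It reports each directive as OK or WEAK using the post’s own values as the target, treats an absent allow_url_fopen as weak because PHP’s default for it is On, and treats an absent register_globals as fine because PHP’s default for it is Off. The file path is a parameter so the check can be run on a copy, and the sample file at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a php.ini for the four
# hardening settings listed above. The path is a parameter so the audit can
# run on a copy; the expected values follow the post's own examples.
set -e

# Print the value of DIRECTIVE in FILE, or ABSENT if it is never set.
# Comment lines (; or #) and inline comments are ignored; when a directive is
# set more than once, the last assignment is reported.
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            line = $0
            sub(/[ \t]*[;#].*$/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) found = v
        }
        END { print (found == "" ? "ABSENT" : found) }
    ' "$1"
}

# PHP treats 1/On/True/Yes as enabled; anything else (0, Off, empty) is off.
ini_is_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# One line per setting: "OK name" or "WEAK name ... (suggested fix)".
audit_php_ini() {
    cfg="$1"

    v=$(php_ini_value "$cfg" register_globals)   # default Off, so ABSENT is fine
    if ini_is_on "$v"; then echo "WEAK register_globals = $v (set register_globals = 0)"
    else echo "OK register_globals"; fi

    v=$(php_ini_value "$cfg" allow_url_fopen)    # default On, so ABSENT is weak
    if [ "$v" = "ABSENT" ] || ini_is_on "$v"; then echo "WEAK allow_url_fopen = $v (set allow_url_fopen = 0)"
    else echo "OK allow_url_fopen"; fi

    v=$(php_ini_value "$cfg" open_basedir)       # unset means PHP may open any file
    if [ "$v" = "ABSENT" ]; then echo "WEAK open_basedir unset (set open_basedir = /path/to/your/site)"
    else echo "OK open_basedir"; fi

    v=$(php_ini_value "$cfg" disable_functions)
    missing=""
    for fn in show_source exec phpinfo; do
        case ",$(printf '%s' "$v" | tr -d ' \t')," in
            *,"$fn",*) ;;
            *) missing="$missing $fn" ;;
        esac
    done
    if [ -n "$missing" ]; then echo "WEAK disable_functions missing:$missing"
    else echo "OK disable_functions"; fi
}

# Number of WEAK findings, as a value a caller (or cron job) can test.
php_ini_weak_count() {
    audit_php_ini "$1" | grep -c '^WEAK' || true
}

# Demonstration on a constructed php.ini, not a real server's file.
sample=$(mktemp)
printf '%s\n' \
    '; constructed sample' \
    'register_globals = On' \
    'allow_url_fopen = On  ; PHP default' \
    'disable_functions =' > "$sample"
audit_php_ini "$sample"
echo "weak settings: $(php_ini_weak_count "$sample")"   # 4
rm -f "$sample"
```

Pointing it at the php.ini that PHP actually loads (phpinfo() names the path, which is one reason the post puts phpinfo on the disable list once you are done) turns the checklist into something you can rerun after every host or PHP upgrade.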

Source: Joomla Security Checklist
