u.s. – Internetblog.org.uk https://www.internetblog.org.uk Web hosting, Domain names, Dedicated servers Fri, 29 Jan 2016 11:05:52 +0000

SELinux: Extra security protection https://www.internetblog.org.uk/post/889/selinux-extra-security-protection/ Fri, 15 Jan 2010 13:53:47 +0000 http://www.internetblog.org.uk/post/888/selinux-extra-security-protection/ SELinux graphical policy configuration
SELinux stands for Security-Enhanced Linux and is a comprehensive feature of Linux that allows system administrators to control security access policies with highly advanced modules in the Linux kernel. It can be applied to any Linux distribution and comes installed by default on some. It was originally based upon projects initiated by the U.S. National Security Agency and is considered to be a high-level security feature.

Red Hat Enterprise Linux and CentOS are both designed to run SELinux out of the box with little effort. Some desktop Linux users disable it and see it as overkill, but for a server, particularly one that runs web servers, mail servers, database servers, and other servers accessible via the Internet, having that extra security can go a long way in preventing attacks.

To read a full tutorial on setting up SELinux in CentOS/Red Hat, visit nixCraft.

Photo: Flickr

WIPO Rules Against a Trademark Holder https://www.internetblog.org.uk/post/392/wipo-rules-against-a-trademark-holder/ Fri, 14 Aug 2009 16:33:37 +0000 http://www.internetblog.org.uk/post/392/wipo-rules-against-a-trademark-holder/ fashion models
In what is clearly an exceptional yet not completely unique type of case, the WIPO has ruled against a legitimate trademark holder in a domain dispute. Runway Beauty Inc. filed a complaint against Errol Hernandez, who registered and parked runwaymagazine.com, runwaymagazine.net, and runwaymagazine.org. The website opens to a portal stating that it will be a social site about fashion and beauty but with no other content as of yet.

The complainant, Runway Beauty, has a website called runwaymagazine.us and offers an international print magazine about fashion, beauty, and entertainment. They own the U.S. trademark Runway Magazine, registered in 2008. The respondent first registered the disputed domains back in 1999. He intended to make a website, but never found the time or resources. In 2008, when he received complaints from Runway Beauty Inc., he began creating a website.

The panel acknowledged the first two conditions of UDRP: that the disputed domains are confusingly similar to trademarks held by the complainant and that the respondent had no legitimate business interests or rights in the domain. On the third crucial point, however, the panel did not believe Hernandez had registered the domains in bad faith. He registered the domains long before Runway Beauty even existed and always intended to make a legitimate non-commercial website.

Source: WIPO
Photo: Flickr

The Internet is big, really big https://www.internetblog.org.uk/post/334/the-internet-is-big-really-big/ Thu, 30 Jul 2009 15:09:29 +0000 http://www.internetblog.org.uk/post/334/the-internet-is-big-really-big/ Homer staring at a big laptop
According to new Internet data, there are now more websites than people in the world — over 1 trillion. With such large numbers, there are 150 domains per person, and it would take 31,000 to read all of them, even if you spent only one minute on each and never slept. Still, just 1.46 billion out of 6 billion people in the world use the Internet, meaning it would take a long time even for all of them combined to see all websites.

China leads the list with 338 million users, with the US trailing at 227 million. Japan, India, and Brazil round out the top five. The UK is a bit lower with 48 million users, reflective of its smaller population. The interestingly neglected part of this data, and of most raw data like it, is that there is no analysis of the website content.

Of the 1 trillion websites out there, how many are made up of malware, spam harvesters, phishing, fraud, schemes, ad portals, parked domains, and cybersquatting? Furthermore, of the sites that are none of the above, how many are actually useful and worth visiting? While it may be the job of Google and Bing to index legitimate sites, it will be up to someone else to catalog and evaluate them. As the Internet continues to grow, so does the need for some type of organization.

Source: News.com.au
Photo: Flickr

Korean cyberattack may be wild goose chase https://www.internetblog.org.uk/post/289/korean-cyberattack-may-be-wild-goose-chase/ Fri, 17 Jul 2009 15:36:44 +0000 http://www.internetblog.org.uk/post/288/korean-cyberattack-may-be-wild-goose-chase/ Fingerprint
U.S. and South Korean agencies are still scratching their heads trying to track down the perpetrators of the widely publicized July 4 attacks. South Koreans were quick to point the finger at North Korea or “North Korean sympathizers”, but as of yet, no concrete proof has emerged. The botnet infected 50,000 computers and then launched a DDoS (distributed denial of service) attack on government web servers in South Korea and the United States, crippling them.

Because of the nature of the attacks, analysts say they could have originated anywhere in the world.

“The truth is, we may never know the true origin of the attack unless the attacker made some colossal blunder,” said Joe Stewart, a director in the Counter Threat Unit at SecureWorks, a computer security consulting organization.

What researchers have determined is that the code of the attacking program was not very sophisticated and could have been written by an amateur. They are hoping that the creators of the botnet left a fingerprint trail that will lead investigators to them. Even if they are able to determine the country of origin, however, that too could have been masked. Ultimately, they may have to rely on the arrogance that typically characterizes villains: that they will boast about their accomplishments.

Source: New York Times
Photo: Flickr

Korean DDoS malware may self destruct https://www.internetblog.org.uk/post/266/korean-ddos-malware-may-self-destruct/ Fri, 10 Jul 2009 14:43:42 +0000 http://www.internetblog.org.uk/post/265/korean-ddos-malware-may-self-destruct/ Computer bot
Earlier this week, we reported a series of attacks on key South Korean and U.S. government servers that took some of them offline. The attacks are still under investigation, but a blog post on the Washington Post’s website suggests that the botnet being used to deliver the DDoS (distributed denial of service) attack could self destruct.

An attack bot of this nature works by first infecting vulnerable computers around the world. The computer user is unaware of its presence and continues going about his business. Meanwhile, the bot uses that person’s computer to attack another, usually a server. With the coordinated effort of possibly thousands or even millions of computers, it easily disrupts service of the server or multiple servers. With some botnets, after the task is completed, they wipe the person’s hard drive.

According to security expert Joe Stewart, director of malware research at SecureWorks, this particular form of malware is a version of the Mydoom worm that includes a Trojan horse program that will overwrite all of the data on a victim’s hard drive. Microsoft Windows PCs are vulnerable to this attack, and experts believe that between 60,000 and 100,000 PCs may have been infected with the malware. South Korean government officials have also warned their citizens about this danger, saying that at least 20,000 PCs in South Korea are infected.

Source: Washington Post
Photo: Flickr

Hackers attack South Korea and US https://www.internetblog.org.uk/post/256/hackers-attack-south-korea-and-us/ Wed, 08 Jul 2009 16:52:59 +0000 http://www.internetblog.org.uk/post/255/hackers-attack-south-korea-and-us/ Korean DMZ
According to reports, North Korean hackers are believed to have launched cyber attacks on government offices in the US and South Korea. Some South Korean and US websites were momentarily taken down. Among the South Korean sites with service disruption were the Blue House, defense ministry, national assembly, Shinhan bank, Korean Exchange bank, and Internet portal Naver.

As of yet, there seems to be no concrete evidence that the North Korean government had any involvement in the attack, despite the suspicions to the contrary. South Korean officials announced that they suspected North Korea or its sympathizers of initiating the attack and that they are working with the US in the investigation. The US Treasury Department, Secret Service, Federal Trade Commission, and transport department websites were hit and momentarily taken offline over the past weekend.

The method of attack appears to be DoS (denial of service), a technique preferred by hackers because of its effectiveness at taking down websites without the need to infiltrate security systems. The hackers will normally use several computers connected to the Internet, sometimes spread all over the world, to bombard a website with simultaneous connections until the site can no longer handle the load. The site then either goes offline or is simply unreachable to legitimate visitors.

Source: Guardian
Photo: Flickr

U.S. DOE offers energy saving program for data centers https://www.internetblog.org.uk/post/235/us-doe-offers-energy-saving-program-for-data-centers/ Thu, 02 Jul 2009 13:36:07 +0000 http://www.internetblog.org.uk/post/234/us-doe-offers-energy-saving-program-for-data-centers/ Data center
The United States Department of Energy’s Save Energy Now initiative is offering a program to businesses to help them reduce data center energy consumption and save money. The program carries the standard government-issued unnecessarily long name: National Data Center Energy Efficiency Information Program, and offers fact sheets and presentations on their website, outlining their plans.

According to the website, the number of data centers continues to grow, and servers are becoming higher powered and more energy intensive. The DOE plans to invest in research and development into best practices for data center energy efficiency and provide guidance to businesses. They see the move as beneficial to both parties, since the businesses will reduce energy spending and the DOE will benefit from a reduction in load on the electric grid.

The website also includes data assessment summaries for some organizations that have already been evaluated, including Verizon and Lucasfilm. Through their research, they estimated that Verizon, a wireless service giant, could save $181,500 and 1,540,700 kWh of energy. Lucasfilm, the company behind the Star Wars and Indiana Jones movies and merchandise, could save $343,000 and 3,109,200 kWh. The information sheets include detailed information about the data centers, including server layout and cooling.

Source: U.S. Department of Energy
Photo: Flickr

U.S. Patent Office rejects subdomain patent https://www.internetblog.org.uk/post/184/us-patent-office-rejects-subdomain-patent/ Thu, 18 Jun 2009 12:08:39 +0000 http://www.internetblog.org.uk/post/184/us-patent-office-rejects-subdomain-patent/ Software patents
If you have ever had a website with more than a few pages, you have probably created a subdomain. Instead of pointing visitors to www.internetblog.org.uk/coolguy, you might want to emphasize your coolness first and have your URL read: coolguy.internetblog.org.uk. Suddenly, you have something close to a new domain, called a subdomain. Now imagine that twenty days after creating your fabulously cool subdomain, you receive a cease and desist letter, ordering you to either pay royalties to an unknown company or face litigation.

A company named Hoshiko made the claim with the U.S. Patent Office that the concept of creating subdomains on the fly, as opposed to creating new DNS entries for each one, was their idea and was worthy of a patent. Although the patent was approved in 2004, the Electronic Frontier Foundation (EFF) fought back, arguing that there were plenty of open source projects, including Apache web server, utilizing this technology prior to the original 1999 filing. The patent office agreed and nullified the patent.

“This patent was particularly troubling because the company tried to remove the work of open source developers from the public domain and use it to threaten others,” EFF Legal Director Cindy Cohn said in a statement. “Ironically, the transparent open source development process gave us the tools to bust the patent!”

Over the past several years, companies have begun patenting everything from the double click to web site one-click shopping carts. The EFF and other organizations struggle against software patents through legal channels. It looks like cool guys everywhere can relax.

Source: Ars Technica
Photo: Flickr

Microsoft security chief on "Cyber Czar" shortlist https://www.internetblog.org.uk/post/166/microsoft-security-chief-on-cyber-czar-shortlist/ Fri, 12 Jun 2009 18:26:34 +0000 http://www.internetblog.org.uk/post/166/microsoft-security-chief-on-cyber-czar-shortlist/ Scott Charney
As the United States awaits President Barack Obama’s important nomination of his cybersecurity advisor or “cyber czar”, a position that will report directly to him, speculation about who will be tapped for the position has begun. Among the people up for consideration is Microsoft’s security chief, Scott Charney, who was on the security team under both Clinton and Bush.

The high-level position in question will have a direct line to the President and consult him on matters related to network and Internet security. After many problems with cybersecurity in the U.S., including the hacking of Army servers, it came as little surprise when Obama announced the new position. Whoever takes on the role will have tremendous responsibility.

Susan Landau, who declined to discuss if she has been short-listed for the job, said she would urge Obama to make it a top-level position, as he promised.

“The job is very important,” said Landau. “We have all sorts of different kinds of threats. … What you want is ubiquitous security.”

Landau is a Sun Microsystems engineer who has worked on digital rights, privacy and export control.

According to Wired Magazine, Charney said that he would not take the job but might be persuaded to change his mind if nominated.

Source: Wired
Photo: Flickr

Turkish hackers attack U.S. army's web servers https://www.internetblog.org.uk/post/120/turkish-hackers-attack-us-armys-web-servers/ Mon, 01 Jun 2009 19:56:07 +0000 http://www.internetblog.org.uk/post/120/turkish-hackers-attack-us-armys-web-servers/ US govt meeting, Obama, homeland security
InformationWeek has released a report indicating that in 2007, Turkish hackers infiltrated two U.S. Army web servers, redirecting traffic from them to their own anti-American and anti-Israeli web sites. The hackers go by the name ‘m0sted’ and used a vulnerability in Microsoft SQL Server to initiate an SQL injection attack.

The case is currently under investigation, with major search engines such as Google and internet service providers being served search warrants. The breach was at the Army’s McAlester Ammunition Plant in McAlester, Oklahoma, and the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Virginia.

The hackers managed to circumvent sophisticated security software designed by the Defense Department. The department relies on many experts and spends millions of dollars on web server security, so the breach raises questions about the safety of government cybersecurity programs. The Defense Department did not immediately respond to InformationWeek’s request for comments. Friday, President Obama announced a plan to create a new “cyber czar” position to oversee the U.S. Government’s cybersecurity.

Source: InformationWeek
Photo: Flickr