Cover Your Ass / Transfer Of Liability
Quoting from Schneier here:
Security warnings are often a way for the developer to avoid making a decision. "We don't know what to do here, so we'll put up a warning and ask the user." But unless the users have the information and the expertise to make the decision, they're not going to be able to. We need user interfaces that only put up warnings when it matters.
Pretty true. People only get irritated and pay less/no attention to incessant warnings that prove not to be warnings at the end of the day, and when the real warnings come, the user glosses over them and clicks "Allow".
A couple of classic examples would include "The Boy Who Cried Wolf", and using self-signed/invalid/expired/revoked SSL certificates in a production site. I've seen the SSL certificate one occurring in a site belonging to an MNC, heh.
SSH brute force connection attempts #fail
Collected these over the past few months, reverse chronological order. Seeing different machines attempting to connect hundreds of times a day each is just, wow.
Some might say that an SSH blacklist daemon might help, but it only increases the time taken for a brute force attempt, and is of no use against a botnet trying to brute force the ssh login.
There are plenty of things that can be done to lock down the ssh server, and restricting it to only publickey is by far one of the most effective, counting that the resource (the server) you're protecting is pretty important.
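To make the blacklist point above concrete, here is an added example (not part of the original post) that replays failed-login lines through a per-IP threshold ban, the way a blacklist daemon would act on them. The function names, the threshold of 3 and the log lines are constructed for illustration; each line stands for one attempted password guess.

```python
import re
from collections import Counter

# OpenSSH failed-password message (syslog prefix omitted in the sample lines).
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def simulate_blacklist(lines, max_failures=3):
    """Replay attempted guesses through a per-IP threshold ban.

    Returns (guesses_that_reached_sshd, banned_ips). Once an IP has
    max_failures failures, its later guesses are treated as blocked.
    """
    failures = Counter()
    banned = set()
    reached = 0
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        ip = m.group(2)
        if ip in banned:
            continue  # dropped by the block rule the daemon installed
        reached += 1
        failures[ip] += 1
        if failures[ip] >= max_failures:
            banned.add(ip)
    return reached, banned

def make_log(sources, guesses_per_source):
    """Build constructed log lines: every source makes the same number of guesses."""
    return [
        f"Failed password for invalid user admin from {ip} port 40000 ssh2"
        for _ in range(guesses_per_source)
        for ip in sources
    ]

# Constructed inputs, 400 guesses each, using documentation address ranges.
SINGLE_HOST = make_log(["203.0.113.9"], 400)
BOTNET = make_log([f"198.51.100.{i}" for i in range(1, 201)], 2)

if __name__ == "__main__":
    for name, log in (("single host", SINGLE_HOST), ("botnet", BOTNET)):
        reached, banned = simulate_blacklist(log)
        print(f"{name}: {reached} of {len(log)} guesses reached sshd, "
              f"{len(banned)} IPs banned")
```

With password logins disabled and only publickey allowed, none of these guesses can succeed, whichever address they come from.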
Changing internal network IP address range
Finally gotten my lazy busy ass down to implementing some of that stuff that I've always wanted to (like they say: eat your own dog food).
For tonight it was the changing and limiting of the DHCP address range served by my router to be a non-standard one (i.e. not in the 192.168.1.0/24 range), as one of the defences against CSRF attacks against the router.
The change turned out not to be as smooth as I thought it would be, even though I had very few devices in the network as compared to an office one. Would keep this in mind as I think about/recommend this to others.
Additional reading on the topic of CSRFing home routers, for those who're interested:
GNUCITIZEN: BT HOME FLUB: PWNIN THE BT HOME HUB
GNUCITIZEN: ROUTER HACKING CHALLENGE