I host on NearlyFreeSpeech.net and their service and value (for moderate traffic volume sites) is awesome. But they are a fiddle-under-the-hood host and not everything works without some tuning. WordPress takes some work and automatic updates aren’t possible without some permission changes. Some people just open everything up (777), which opens their site right up to attack. Here’s a post that explains how to change permissions without leaving the barn door wide open.
Now on to straightforward WP security. Check out WP Security Scan, a WP plug-in to quickly give you cues and clues on securing your specific WP site.
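An added example (not from this post or the one it links to): a shell audit that finds the world-writable (777/666) entries described above and clears only the "other" write bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable (777/666) entries.
# Function names and the sample tree are constructed for illustration.

# List every world-writable file or directory under $1. Symlinks are
# skipped because access is decided by the target's mode, not the link's.
wp_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable entries; 0 means nothing is open to everyone.
wp_world_writable_count() {
    wp_world_writable "$1" | wc -l | tr -d ' '
}

# Clear only the "other" write bit. Owner and group bits are left alone,
# so whatever owner/group arrangement lets WordPress update keeps working.
wp_strip_world_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree that mimics a "just chmod 777" install.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads" "$d/wp-admin"
    : > "$d/wp-config.php"
    : > "$d/index.php"
    : > "$d/wp-content/uploads/a.jpg"
    chmod 777 "$d/wp-content" "$d/wp-content/uploads"
    chmod 666 "$d/wp-config.php"
    chmod 755 "$d/wp-admin"
    chmod 644 "$d/index.php" "$d/wp-content/uploads/a.jpg"
    echo "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
echo "before: $(wp_world_writable_count "$tree") world-writable entries"
wp_world_writable "$tree"
wp_strip_world_write "$tree"
echo "after:  $(wp_world_writable_count "$tree") world-writable entries"
rm -rf "$tree"
```

Point `wp_world_writable` at the real WordPress directory to see what a past 777 left behind before changing anything.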
So this is not really security related, but might be useful for some poor soul out there. I have a client with 2 Sun T1000s. Pretty good boxes but he needs them to do some things you can’t with Solaris so a version of Linux is needed. None seem to be well supported anymore, but Ubuntu (up to 7.10 Gutsy Gibbon) is certified on this box and should allow good use of the encryption and speed capabilities of the T1000’s Niagara chipset. I find the ISO (http://old-releases.ubuntu.com/releases/7.10/) but the T1000s have no video, CD-ROM, or USB. Oh, that’s right.
So netbooting it is. I set up my TFTP server (TFTPD32 works great for Windows) with the sparc netboot image (boot.img from the Ubuntu site).
Using my Cisco serial cable to my Dell (one of the few to have a serial connector on some laptops, come on people) I use HyperTerminal to gain access to the box. I let it boot all the way to SunOS and then have it shut down to the OpenBoot PROM. I tried to set a break during the boot but that didn’t work for me. Any one of these commands gets you back to OpenBoot:
shutdown -yi 0
init 0
halt
From there we specify the netboot environment. No need for DHCP, RARP or other tricks that usually don’t work for specifying PXE boot crap.
setenv network-boot-arguments host-ip=192.168.11.4,router-ip=192.168.11.1,subnet-mask=255.255.255.0,hostname=foo.local,file=tftp://192.168.11.3/boot.img
Environment specified, now enter:
boot net debconf/priority=low DEBIAN_FRONTEND=text
Off it goes and loads the netboot image. Now isn’t that easy, at least with me telling you how to do it! Specify the install mirror and you’re good to go.
Trend Micro security expert Rik Ferguson has stated that Conficker has downloaded components from the Waledac botnet. This could contain the rootkit everyone’s been looking forward to: “These components have so far been missing, but could this finally be the ‘other boot dropping’ that we have all been waiting for?”
News in the mainstream media has died down since the April Fools’ hook has passed. Now Joe Public can forget about it and stop updating his system.
As if meter maid parking cops weren’t heartless enough, criminal outfits are putting fake printed tickets on car windshields that include a URL for malware.
To “view a photo of your violation” you need to install a program that infects your computer with a trojan that allows the unknown attacker to control your system and use it in a botnet.
Cyberspace is coming to meat space via your windshield!
Come on people, update your frickin’ computers! With 30% of all internet-connected systems vulnerable (according to Qualys), the Conficker virus has reached epidemic proportions over the last few weeks and 9 million computers sit poised for some Ukrainian hacker to activate as they see fit, and I’m betting that isn’t to help out SETI@Home.
Conficker is the most effective virus since Slammer back in 2003 due to its multi-front attack, combining brute force password guessing and piggybacking on USB keys. And Microsoft hasn’t helped by not issuing XP SP1 patches, and we all know that many people don’t trust Microsoft Service Patches (ok, put your hands down) so adoption of SP2 or SP3 is not universal.
What does this mean for the greater internet community? The compromised “zombie” systems phone home and are awaiting instructions. The New York Times states that Conficker checks for a Ukrainian keyboard and won’t install if it finds one. So we’ve got a jingoistic botnet that will probably be rented out for spam, DDoS attacks and various regional conflicts (à la Georgia). Not good stuff for anyone so efforts are being made to disable it by sending instructions to the bots to shut down; a clever albeit strategy.
So patch your systems!
Here is a list (though not yet comprehensive) of some security sites that I use. I will add some more and if any readers want to add some suggestions that would be great.
MS Patch Tuesday Pre-notification: http://www.microsoft.com/technet/security/bulletin/advance.mspx
MS TechNet Security Site: http://technet.microsoft.com/en-us/security/default.aspx
I’ve created this page as a resource for people looking to keep their companies’ computer and network systems secure. I will discuss general security topics as well as offer tips and updates on best practices.
I would love to have feedback so please post your comments!