Testing DNS Randomness
July 24th, 2008 · No Comments · General
I found an interesting problem today. If I run the DNS Randomness test at work using Doxpara’s widget, our ISP fails this test. If I run the test at DNS-OARC, I get mixed results. Sometimes the source port randomness is good and sometimes it is bad. Hmm… I am guessing our ISP has not patched [...]
Picks and Pans for pfSense packages
May 27th, 2008 · 1 Comment · OpenSource, Security
Recently I installed the pfSense firewall and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail, here are my impressions on several packages.
NMAP – It kind of worked for me when I accessed it via the web server. It [...]
Tags: firewall·opensource·pfSense·Security
WordPress 2.5 Secret_Key Vulnerability
April 17th, 2008 · No Comments · Security, WordPress
Wow, I did not know about this security feature in 2.5. I did not have the ‘SECRET_KEY’ defined since my WordPress sites were upgrades. Since I prefer to follow the Secure WordPress recommendations and missed that section in the paper, I added a random key to all of my sites. The key does not cause [...]
ISS X-Force Database: icmp-timestamp(322): ICMP timestamp requests
April 5th, 2008 · No Comments · Security
A PCI audit point I saw recently recommended that servers not respond to ICMP timestamp requests. For externally based web servers this probably means asking your host provider to implement a rule on their router to block ICMP packets type 13 or 14 with a code of 0. I haven’t tried this but this should allow normal maintenance packets (e.g. ping) and prevent echo tests using timestamp requests.
Server 500 error, Codeplex, and ISA 2004
April 2nd, 2008 · No Comments · SBS2K-SBS2K3
I recently tried to visit Codeplex and got an error page with a Server 500 error. It did not take too long to figure out that there was a configuration problem on my firewall, ISA 2004. There were several proposed fixes but the one that worked for me I found on a Techarena forum [...]
BlogSecurity » Blog Archive » WPIDS v0.1.2 officially released
April 1st, 2008 · No Comments · Security, WordPress
Recently while upgrading my WordPress blogs I installed WPIDS 0.1.2. WPIDS is an Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS. It is a nice plugin for those curious about WordPress security. In theory this should improve the security of my blogs.
For the last couple of days I have been [...]
Automated WordPress Hacking Tool Cached by Google
March 27th, 2008 · No Comments · Security, WordPress
I just finished checking my WordPress sites with both a dork and an FTP. Google says that there are 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.
Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the [...]
BlogSecurity » Blog Archive » WordPress Scanner
March 23rd, 2008 · 1 Comment · General
Last night I used the WordPress Scanner on two of my blogs and I got this message.
dangerous-check-[0] PHP configuration file found in http://www.somewebsite.com/
I guess it is complaining about the fact that I have a php.ini file. I guess there is a security implication I do not know about. I googled php.ini and security and [...]
Getting a L2TP VPN connection to work through the Comodo firewall
January 11th, 2008 · No Comments · Security
I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed [...]
When Microsoft’s recommendations do not fix your userdata persistence error (0x800A0046)
January 3rd, 2008 · No Comments · SBS, Security
About once a month I go to the Windows Update and let it check my computer. If Windows Update is working properly, the Windows Update cupboard will be bare. Sometime in December Windows Update stopped working for me and it started giving me a userdata persistence error. The help system said that all of my [...]
HIPAA audit: The 42 questions HHS might ask
June 21st, 2007 · No Comments · Security
A document obtained by Computerworld from a reliable source indicates that Piedmont was presented with a list of 42 items that HHS officials wanted information on within 10 days. Specifically, Piedmont was asked to provide policies and procedures for:
Establishing and terminating users’ access to systems housing electronic patient health information (ePHI).
Emergency access to [...]
Tags: Security
Installing the Messaging Security Agent from the Security Dashboard
June 9th, 2007 · No Comments · SBS2K-SBS2K3, Security
This week I upgraded the Trend Micro SMB installation on my “dog food” server to version 3.6. It kind of worked. The virus checking stuff upgraded nicely but the Messaging Security portion did not. I got this message, “Error 1923.Service Trend Micro Messaging Security Agent Remote Configuration Server(ScanMail_RemoteConfig) could not be installed”.
I researched the problem [...]
Free Firewall Software – Comodo™ Firewall
June 8th, 2007 · 1 Comment · Security
Comodo Free Firewall Version 2.4
It’s Free. Forever. No Catch. No Kidding
The Award-Winning Comodo Firewall Pro
PC Magazine Online’s Editor’s Choice
Secures against internal and external attacks
Blocks internet access to malicious Trojan programs
Safeguards your Personal data against theft
Delivers total end-point security for Personal Computers and Networks
Install now for out-of-the-box protection against identity theft hackers, Trojans, scripts and other unknown [...]
Need to archive?
May 14th, 2007 · No Comments · Security
From Susan Bradley’s blog (aka SBS Diva) comes…
I have rec’d an email from one of my clients saying that he needs to recover email from 2005 in regards to a lawsuit. There is barely a backup plan in place. It holds backups of everything for a few days only, written only to an external hard drive. [...]
Tags: Security
Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com
May 14th, 2007 · No Comments · Security
Link to Don’t Panic, But New Discovery Of Electronically Stored Information In Litigation Rules Now Apply :: WRAL.com
Today I read a post over on Susan Bradley’s blog about the need to archive and I remembered this article. This article is a couple of months old and was written by lawyers practicing in the ESI area. [...]
Tags: Security
Safeguards For RIAA Hard Drive Inspection
April 23rd, 2007 · No Comments · Security
NewYorkCountryLawyer writes
“In SONY v. Arellanes, an RIAA case in Sherman, Texas, the Court entered a protective order (PDF) that spells out the following procedure for the RIAA’s examination of the defendant’s hard drive:
(1) RIAA imaging specialist makes mirror image of hard drive;
(2) mutually acceptable computer forensics expert makes two verified bit images, and creates [...]
Tags: Security
TrueCrypt 4.3
March 21st, 2007 · No Comments · OpenSource, Security
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct…
Link to TrueCrypt 4.3
I [...]
Tags: OpenSource·Security
Security Settings tabs do not respond after installing CSM on Windows2003/SBS 2003 with SP1
November 14th, 2006 · No Comments · SBS2K-SBS2K3
Solution Details
The Security Settings tabs do not respond after installing CSM on Windows2003/SBS 2003 with SP1.
I finally found this article. I do not use TrendMicro’s Dashboard very often but it has been a problem for me. Sometimes it would work. Sometimes it would not work. I did not think I had done anything wrong but [...]
Gpg4win – EMail-Security using GnuPG for Windows
July 12th, 2006 · No Comments · OpenSource, Security
Today I upgraded from 1.0.1 to 1.0.3 and experienced problems verifying files. I could not verify a file with GPGee or WinPT. The files had been verified under 1.0.1. GPGee said I had an invalid key and WinPT did not show any results. GPA did verify the file. I [...]
Tags: OpenSource·Security
TrueCrypt 4.2a updated
July 6th, 2006 · No Comments · OpenSource, Security
TrueCrypt v4.2a
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correc…
This is an open [...]
Tags: OpenSource·Security