MadIrish.net
http://www.madirish.net
Computers, security, and other tech goodies.
Copyright 1997-2008, Justin C. Klein Keane. All Rights Reserved.
justin@madirish.net
Information Security

Exploiting the Drupal Suggest Terms Module
http://www.madirish.net/?article=213
The Drupal Suggested Terms module is a convenience module that helps a content producer by presenting a hyperlinked list of taxonomy terms that can be clicked to populate category vocabulary. However, in versions prior to 5.x-1.2 a cross site scripting (XSS) vulnerability exists. This vulnerability was announced on June 25, 2008 in SA-2008-039 and requires that a malicious user be able to create or edit content using the suggested terms module.
http://www.madirish.net/?article=213&from=rss
Thu, 3 Jul 2008 00:00:00 -0500
Justin C. Klein Keane

Developing Drupal Module Exploits
http://www.madirish.net/?article=212
Drupal is a wonderful Content Management System (CMS) that comes with a lot of extensible functionality. While the Drupal security team does a great job of making sure the core modules distributed with Drupal are secure, there are a host of third party contributed modules that often contain security problems. In this tutorial I'm going to pick on one module in particular and show you how to deduce security holes based on announcements to the Drupal security list.
http://www.madirish.net/?article=212&from=rss
Tue, 1 Jul 2008 00:00:00 -0500
Justin C. Klein Keane

About Identity Theft
http://www.madirish.net/?article=211
Identity theft is a common topic in the media and in reality these days. So common in fact that the Federal Trade Commission has set up a website to help highlight the problem and provide details to the public. Identity theft is often closely tied to information security but many people don't understand why.
http://www.madirish.net/?article=211&from=rss
Fri, 13 Jun 2008 00:00:00 -0500
Justin C. Klein Keane

What is Fast Flux Hosting?
http://www.madirish.net/?article=210
Fast flux hosting (or fast-flux service networks), commonly utilized amongst malware bot herds and spammers, is a method used to hide servers or content behind an almost dynamic domain name. This allows attackers to keep content online and avoid a single point of failure. Traditionally, once a malicious host is detected, an ISP can be contacted and the machine can be pulled offline. This means that phishing sites or bot command and control machines could be pulled down as soon as they were identified.
http://www.madirish.net/?article=210&from=rss
Wed, 4 Jun 2008 00:00:00 -0500
Justin C. Klein Keane

MS-DOS (Batch File) Shorts
http://www.madirish.net/?article=209
I wrote this article to cover some shortcuts, tips, and batch files I've had to use over time at the MS-DOS command prompt. Topics covered include renaming directories, counting files, mounting a network share, and other tasks at the command prompt.
http://www.madirish.net/?article=209&from=rss
Thu, 29 May 2008 00:00:00 -0500
Justin C. Klein Keane

4 Simple Tips for Securing OpenSSH
http://www.madirish.net/?article=208
Securing an SSH server is a simple process that many administrators overlook. The following are four simple steps you can take to help lock down your SSH server. Given the widespread nature of SSH brute force attacks it is well worth the effort to enforce some extra restrictions on your SSH server. Most of the suggestions outlined below rely on configuration changes that can be implemented in your sshd_config file.
http://www.madirish.net/?article=208&from=rss
Wed, 28 May 2008 00:00:00 -0500
Justin C. Klein Keane