MadIrish.net
http://www.madirish.net
Computers, security, and other tech goodies.
Copyright 1997-2010, Justin C. Klein Keane. All Rights Reserved.
justin@madirish.net
Information Security

Drupal Organic Groups Menu Module 6.x-2.0 XSS Vulnerability
http://www.madirish.net/?article=467
The Drupal OG Menu module contains a cross-site scripting (XSS) vulnerability because it fails to sanitize menu descriptions before display.
http://www.madirish.net/?article=467&from=rss
2010-07-14 17:08:14 -0500, Justin C. Klein Keane

NuralStorm Webmail Multiple Vulnerabilities
http://www.madirish.net/?article=466
A recent code audit of the NuralStorm Webmail system revealed a number of serious vulnerabilities. If you are using NuralStorm, please review the following vulnerability report. It is recommended that you restrict access to any NuralStorm installations immediately and disable NuralStorm if possible. There is currently no patch or workaround for the vulnerabilities described herein.
http://www.madirish.net/?article=466&from=rss
2010-07-09 15:39:14 -0500, Justin C. Klein Keane

Drupal Views Module Information Disclosure Vulnerability
http://www.madirish.net/?article=465
The Drupal Views module contains an information disclosure vulnerability because it allows access to user profile data.
http://www.madirish.net/?article=465&from=rss
2010-07-02 08:05:18 -0500, Justin C. Klein Keane

Hydra Brute Force Utility
http://www.madirish.net/?article=464
Hydra is a powerful, multi-protocol brute force attack tool. Brute force attacks involve guessing authentication credentials in an attempt to gain access to a system. Brute force is, over time, the most successful way to break simple authentication. The main disadvantages of brute force attacks are the time required to try username and password combinations, and the fact that these types of attacks are extremely noisy. Noise, in this instance, means that brute force attacks generate a lot of traffic, and potentially quite a bit of evidence of the attack. It is even possible to perform a denial of service attack using brute force tools. By repeatedly attempting authentication over periods of time, it may be possible to tie up system resources to such an extent that legitimate users cannot access the resource.
http://www.madirish.net/?article=464&from=rss
2010-06-25 12:30:54 -0500, Justin C. Klein Keane

Monitoring Drupal with OSSEC
http://www.madirish.net/?article=463
Drupal 6 provides the syslog module by default, which allows Drupal to write some log entries directly to the system log. The OSSEC open source host-based intrusion detection system is a perfect system for monitoring events in a system log. By implementing a custom decoder and a few rules, you can easily modify your OSSEC installation to monitor your Drupal site for common attacks, including brute force attacks or other malicious activity.
http://www.madirish.net/?article=463&from=rss
2010-06-18 15:26:08 -0500, Justin C. Klein Keane

About Me
http://www.madirish.net/?article=462
http://www.madirish.net/?article=462&from=rss
2010-06-18 14:49:53 -0500, Justin C. Klein Keane