MadIrish.net
http://www.madirish.net
Computers, security, and other tech goodies.
Copyright 1997-2008, Justin C. Klein Keane. All Rights Reserved.
justin@madirish.net
Information Security

Exploiting the Drupal Suggest Terms Module
http://www.madirish.net/?article=213
Thu, 3 Jul 2008 00:00:00 -0500, Justin C. Klein Keane
The Drupal Suggested Terms module is a convenience module that helps a content producer by presenting a hyperlinked list of taxonomy terms that can be clicked to populate category vocabulary. However, in versions prior to 5.x-1.2 a cross-site scripting (XSS) vulnerability exists. This vulnerability was announced on June 25, 2008 in SA-2008-039 and requires that a malicious user be able to create or edit content using the suggested terms module.

Developing Drupal Module Exploits
http://www.madirish.net/?article=212
Tue, 1 Jul 2008 00:00:00 -0500, Justin C. Klein Keane
Drupal is a wonderful Content Management System (CMS) that comes with a lot of extensible functionality. While the Drupal security team does a great job of making sure the core modules distributed with Drupal are secure, there are a host of third-party contributed modules that often contain security problems. In this tutorial I'm going to pick on one module in particular and show you how to deduce security holes based on announcements to the Drupal security list.

About Identity Theft
http://www.madirish.net/?article=211
Fri, 13 Jun 2008 00:00:00 -0500, Justin C. Klein Keane
Identity theft is a common topic in the media and in reality these days. So common, in fact, that the Federal Trade Commission has set up a website to help highlight the problem and provide details to the public. Identity theft is often closely tied to information security, but many people don't understand why.

What is Fast Flux Hosting?
http://www.madirish.net/?article=210
Wed, 4 Jun 2008 00:00:00 -0500, Justin C. Klein Keane
Fast flux hosting (or fast-flux service networks), commonly utilized amongst malware bot herds and spammers, is a method used to hide servers or content behind an almost dynamic domain name. This allows attackers to keep content online and avoid a single point of failure. Traditionally, once a malicious host is detected, an ISP can be contacted and the machine can be pulled offline. This means that phishing sites or bot command and control machines could be pulled down as soon as they were identified.

MS-DOS (Batch File) Shorts
http://www.madirish.net/?article=209
Thu, 29 May 2008 00:00:00 -0500, Justin C. Klein Keane
I wrote this article to cover some shortcuts, tips, and batch files I've had to use over time at the MS-DOS command prompt. Topics covered include renaming directories, counting files, mounting a network share, and other tasks at the command prompt.

4 Simple Tips for Securing OpenSSH
http://www.madirish.net/?article=208
Wed, 28 May 2008 00:00:00 -0500, Justin C. Klein Keane
Securing an SSH server is a simple process that many administrators overlook. The following are four simple steps you can take to help lock down your SSH server. Given the widespread nature of SSH brute force attacks, it is well worth the effort to enforce some extra restrictions on your SSH server. Most of the suggestions outlined below rely on configuration changes that can be implemented in your sshd_config file.