Facebook computers compromised by zero-day Java exploit
http://tinyurl.com/cwmvxrv
https://t.co/M46qJAiH
I'm still reading up on it but wanted to put it out there ASAP!
This is an online log of my Slackware experiences. Be aware that I'm also using this blog to cover basic and intermediate security issues that may not pertain to Slackware. This is my way of consolidating blogs (I've several of them).
Friday, February 15, 2013
Thursday, February 14, 2013
Obama's cybersecurity executive order: What you need to know.
Embargoed until the delivery of the State of the Union address, US President Obama signed the expected and highly anticipated cybersecurity executive order. With potentially serious implications for US and foreign citizens' privacy, here's what you need to know.
Read more here.
Labels: cyber-attack, cybersecurity, executive order, Obama, privacy
Tuesday, February 12, 2013
Iptables and Blocking by Region
I'm tired of seeing certain network ranges always peppering my Linux server, so I'm going to experiment with blocking via region. I've seen several hints/tips but I want to do this with the server not taking too much of a hit. Note that I'm mainly concerned with traffic that I typically allow, such as port 80. I could block via Apache, which may well work, but I also want to investigate using iptables.
So far, I've found:
- http://www.cyberciti.biz/faq/iptables-read-and-block-ips-subnets-from-text-file/
- http://www.parkansky.com/china.htm
- http://www.webhostingtalk.com/showthread.php?t=1146401 (and http://www.jsimmons.co.uk/2010/06/08/using-ipset-with-iptables-in-ubuntu-lts-1004-to-block-large-ip-ranges/)
- I could possibly use tcpwrappers as well, but I'm not sure tcpwrappers can handle the number of ranges I want to block.
Solution #1 seems a bit too hackish. As well, the server may take a performance hit if I decide to drop more than one region (China's netranges are broad enough as it is).
Solution #2 might not be so bad, as it leverages the htaccess function. I've no idea how performance-intensive this method is, but it may be worth looking into. A con is that I also run a mail server...this method won't work for mail.
Solution #3 looks good. This method uses iptables and ipset. Ipset lessens the performance hit when blocking thousands of IPs.
So, before hitting the bed, I decided to give solution #3 a shot. I immediately found that the tutorial is out-of-date (it caters to Ubuntu 10.04...I'm using 12.04). I'm attempting to work through it by leveraging the manual pages and 'ipset info', but I'm running into kernel errors such as:
root@li7-220:~# ipset create feckoff hash:ip
ipset v6.11: Kernel error received: Invalid argument
I do not have full control over my host (it is running on a linode, and the modules are locked down). I may not be able to use this, but I'll continue to investigate.
EDIT: Well, I'll be damned! I got the command to take. I had to select a more current kernel to boot up (I was using a deprecated Linode kernel). I guess I should check that more often. I'll continue this exercise tomorrow...I just have to ensure I've bookmarked all my reference sites.
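A sketch of the ipset approach (solution #3), added here as an example and not part of the original post or the linked tutorial. It uses a hash:net set, which stores CIDR ranges directly, rather than the hash:ip set from the test command above; the set name, function names and sample ranges (RFC 5737 documentation networks) are constructed.

```shell
#!/bin/sh
# Added example: turn a CIDR list into an `ipset restore` batch, then load it.
# Set name, function names and sample ranges are constructed for illustration;
# the ranges are RFC 5737 documentation networks, not a real region list.

# Constructed sample input: comment, duplicate and malformed entries included.
sample_list() {
  cat <<'EOF'
# constructed sample ranges
192.0.2.0/24
198.51.100.0/24
198.51.100.0/24
203.0.113.0/25   # trailing comment
10.0.0.300/8
not-a-cidr
EOF
}

# gen_restore SET < list : print create/add lines for `ipset restore`.
# Blank lines and comments are dropped, duplicates collapsed, bad entries
# reported on stderr instead of being passed to the kernel.
gen_restore() {
  awk -v name="$1" '
    function valid(c,   p, o, i) {
      if (split(c, p, "/") != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) return 0
      if (split(p[1], o, ".") != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    BEGIN { printf "create %s hash:net family inet\n", name }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !valid($0) { print "skipping bad entry: " $0 > "/dev/stderr"; next }
    !seen[$0]++ { printf "add %s %s\n", name, $0 }
  '
}

# apply_block SET FILE : load the set and add one DROP rule (root required).
# -exist makes the reload idempotent; -C avoids inserting the rule twice.
apply_block() {
  gen_restore "$1" < "$2" | ipset -exist restore &&
  { iptables -C INPUT -m set --match-set "$1" src -j DROP 2>/dev/null ||
    iptables -I INPUT -m set --match-set "$1" src -j DROP; }
}

# Dry run: show the batch without touching the firewall.
sample_list | gen_restore blocked_region
```

Because the single rule matches on source address rather than port, it covers the mail server as well as port 80, which the htaccess approach cannot.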
Monday, February 11, 2013
U.S. said to be target of massive cyber-espionage campaign
http://www.washingtonpost.com/world/national-security/us-said-to-be-target-of-massive-cyber-espionage-campaign/2013/02/10/7b4687d8-6fc1-11e2-aa58-243de81040ba_story.html
Well, what took them so long to notice this?
Here's another article, as well:
In a world of cybertheft, U.S. names China, Russia as main culprits
http://www.washingtonpost.com/world/national-security/us-cyber-espionage-report-names-china-and-russia-as-main-culprits/2011/11/02/gIQAF5fRiM_singlePage.html?tid=obinsite
Labels: APT, China, cyber-attack, cyber-espionage, cyber-theft, national security, Russia