Linux Security Weekly | 017 | Hello and welcome to Linux Security Weekly for September 16, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: News bind CVE-2012-4244 https://kb.isc.org/article/AA-00778/74 http://www.h-online.com/security/news/item/Manipulated-data-causes-BIND-DNS-servers-to-crash-1708087.html rdata field: http://www.zytrax.com/books/dns/ch15/#rdata BIND Vulnerability Matrix – list of bind vulns according
Bluetooth Hacking – ronin | I was fortunate to hear an excellent talk at my local lug by bluetooth hacker ronin. ronin has been featured at DefCon and other security conventions. He has written tons of awesome Linux based apps for bluetooth hacking. Check out http://www.hackfromacave.com. At this point I am completely paranoid about ever having bluetooth enabled in public.
Enable or Disable Compression in Apache | I’ll show you a quick way to actively check a server for compression as well as how to disable compression in Apache. Note: This has _no_ effect on the CRIME TLS vulnerability. Test for Compression A simple test page to test for HTTP compression is here: http://www.gidnetwork.com/tools/gzip-test.php Or alternatively, below is a manual test for
iostat and vmstat – Awesome System Statistics for Linux | Two excellent Linux apps are iostat and vmstat. These provide realtime statistics of system IO and memory usage. Here’s how it works! iostat iostat is useful to view realtime stats of disk IO. I suggest running ‘iostat 1′ to have the command refresh each second. $ iostat 1 Linux 3.2.0-2-amd64 (brahms) 09/12/2012 _x86_64_ (4 CPU)
Linux Security Weekly | 016 | Hello and welcome to Linux Security Weekly for September 9, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: News WordPress 3.4.2 http://wordpress.org/news/2012/09/wordpress-3-4-2/ OpenSuSE 12.2 http://news.opensuse.org/2012/09/05/opensuse-12-2-green-means-go/ Virtualbox 4.1.22 https://www.virtualbox.org/wiki/Changelog Firefox bumped to 15.0.1 https://www.mozilla.org/en-US/firefox/15.0.1/releasenotes/ https://bugzilla.mozilla.org/show_bug.cgi?id=787743 Distro
clamav Signatures not Updating Ubuntu Linux | Clamav will sometimes have trouble downloading updates for some reason or another. I’ll show you how to fix this in Ubuntu Linux! First, stop clamav: $ sudo /etc/init.d/clamav-daemon stop $ sudo /etc/init.d/clamav-freshclam stop Next we are going to manually download the latest signatures from clamav’s website and place them into the proper location in Ubuntu.
Fast Host Discovery with nmap | The easiest way to do host discovery is with nmap. nmap of course offers a variety of ways to probe and map out detected hosts and poke at any open ports or services. But as for a quick discovery, ICMP is ideal to just get a quick assessment of online hosts. I’ll show you how!
Linux Security Weekly | 015 | Hello and welcome to Linux Security Weekly for September 2, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: News OpenSSH http://www.openssh.com/txt/release-6.1 Google Chrome http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html Java http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020083.html Firefox and Thunderbird http://www.mozilla.org/security/known-vulnerabilities/firefox.html http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox10.0.7 OpenSuSE 12.2. this
Encode or Decode base64 from the Command Line | If you have ever needed to quickly decode or encode base64, Linux has a command line utility called base64 that works great. I’ll show you how it works! To encode text to base64, use the following syntax: $ echo ‘scottlinux.com rocks’ | base64 c2NvdHRsaW51eC5jb20gcm9ja3MK To decode, use base64 -d. To decode base64, use a syntax
Example Interview Questions for Networking or Linux Jobs | Below are a few good interview questions for networking or Linux related jobs. These will give a relatively good assessment if the candidate has good knowledge of some fundamentals. Alternatively, this makes a great study guide if you are applying for any networking or Linux related jobs. Wikipedia is the best guide and much better