Linux Security Weekly | 007 | Hello and welcome to Linux Security Weekly for July 8, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: Thunderbird moves to ESR-only release November 20th, 2012 https://wiki.mozilla.org/Thunderbird/Proposal:_New_Release_and_Governance_Model http://blog.lizardwrangler.com/2012/07/06/thunderbird-stability-and-community-innovation/ Get Thunderbird ESR now: http://www.mozilla.org/en-US/thunderbird/organizations/all-esr.html Asterisk CVE-2012-3863,
Ubuntu Server MOTD Include Security Updates
Ubuntu Server MOTD Include Security Updates | Ubuntu Server can display outstanding package and security updates as the MOTD when logging in locally or via ssh. I’ll show you how! To enable this feature, install the following package: $ sudo apt-get install update-notifier-common The terminal output will look as below: $ ssh user@example.com Linux example.com 3.0.18-linode43 #1 SMP Mon Jan 30 11:44:09
Create HTML reports with nmap
Create HTML reports with nmap | nmap can actually create very good html reports. I’ll show you how! Below is a one-liner command that will scan and create an html file for all open ports and services. This example happens to be a scan of my home network with a few VirtualBox VMs started to add to the mix. I use
GUI for sqlmap
GUI for sqlmap | An excellent python based GUI for sqlmap is available here: https://code.google.com/p/gui-for-sqlmap/ On Debian or Ubuntu, here is how to install: $ sudo apt-get install python-tk python2.7 sakura $ git clone git://github.com/sqlmapproject/sqlmap.git $ cd sqlmap $ wget http://gui-for-sqlmap.googlecode.com/files/sqm-17612.zip $ unzip sqm-17612.zip $ python2.7 sqm.pyw Cool!
Linux Security Weekly | 006
Linux Security Weekly | 006 | Hello and welcome to Linux Security Weekly for July 1, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: AIX – sendmail CVE-2012-2200 http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc https://twitter.com/hdmoore/statuses/218114278291550208 apache tomcat 7.0.28 http://tomcat.apache.org/download-70.cgi http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.28/README.html http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.28/RELEASE-NOTES wordpress 3.4.1 http://codex.wordpress.org/Version_3.4.1 http://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk Chrome
Linux Security Weekly | 005
Linux Security Weekly | 005 | Hello and welcome to Linux Security Weekly for June 24, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: Red Hat 6.3 released http://www.redhat.com/about/news/archive/2012/6/red-hat-enterprise-linux-63-globally-available http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.3_Release_Notes/index.html Multi-factor ssh https://bugzilla.redhat.com/show_bug.cgi?id=657378 https://bugzilla.mindrot.org/show_bug.cgi?id=983 Cisco AnyConnect VPN client security update: Mac,
Metasploitable 2 Vulnerability Scan Comparison
Metasploitable 2 Vulnerability Scan Comparison | For kicks, I performed authenticated vulnerability scans on the latest Metasploitable 2 release. Metasploitable 2 is a customized Ubuntu Linux image that is full of vulnerabilities to be used for pen testing as well as of course used to practice with metasploit. Scanners used: openvas 5 (open source) nessus 5.0.1 (community feed) nexpose 5.3 (community
Linux Security Weekly | 004
Linux Security Weekly | 004 | Hello and welcome to Linux Security Weekly for June 17, 2012. Linux Security Weekly is the audio podcast which covers current and important security vulnerabilities in Linux and open source software for the past week. Show Notes: mysql CVE-2012-2122 http://security-tracker.debian.org/tracker/CVE-2012-2122 https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2122 http://www.ubuntu.com/usn/usn-1467-1/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677018 java – 14 CVEs http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2012-0729.html http://rhn.redhat.com/errata/RHSA-2012-0730.html Ruby on
nmap UDP Port Scan Example
nmap UDP Port Scan Example | By default nmap performs a TCP scan only. I’ll show you how to scan for UDP ports with nmap! The syntax is $ sudo nmap -sU -p port target Example: $ sudo nmap -sU -p 3478 192.168.1.25 Starting Nmap 6.00 ( http://nmap.org ) at 2012-06-13 20:43 EDT Nmap scan report for example.com (192.168.1.25) Host is
In-Depth WordPress Security
In-Depth WordPress Security | Here is an excellent write up on WordPress Security: In-Depth WordPress Security If you find this topic interesting, you may also be interested in Expert Pen Testing training. Check it out!
