segunda-feira, julho 24, 2006

YouOS - A Web Operating System

YouOS is an experiment in a new kind of computing platform.

https://www.youos.com

sábado, julho 22, 2006

The Top 20 Most Critical Internet Security Vulnerabilities

Top Vulnerabilities in Windows Systems
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Microsoft Office and Outlook Express
W5. Windows Configuration Weaknesses

Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. File Sharing Applications
C6. DNS Software
C7. Media Players
C8. Instant Messaging Applications
C9. Mozilla and Firefox Browsers
C10. Other Cross-platform Applications

Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X

Top Vulnerabilities in Networking Products
N1. Cisco IOS and non-IOS Products
N2. Juniper, CheckPoint and Symantec Products
N3. Cisco Devices Configuration Weaknesses


Source: http://www.sans.org/top20

terça-feira, julho 18, 2006

Server monitoring

To make all sorts of graphs:

apt-get install munin munin-node

Example: http://munin.ping.uio.no

To compute more statistics:

* anteater
* isoqlog
* mailgraph

Monitor system logs: logcheck:

* sends you mail with abnormal log lines
* It's important to customize what is normal and you do it with regular expressions

Source: http://www.enricozini.org/blog/eng/seventh-day-in-addis.html

Games for Linux

http://forums.gentoo.org/viewtopic-t-429035-postdays-0-postorder-asc-highlight-monsterz-start-0.html

segunda-feira, julho 17, 2006

Phoronix Linux Compatible Hardware

Phoronix LCH is designed to be a community-driven indexing system for computer hardware under GNU/Linux. This system allows you to post GNU/Linux information on hardware as well as sharing your own personal experiences when it comes to GNU/Linux compatibility. You are also able to browse and search the database for other hardware as well. This is designed to make it much more effortless when deciding what GNU/Linux compatible hardware to go with during your next upgrade. Phoronix LCH is not distribution specific, and allows comments from all versions of GNU/Linux. Phoronix LCH is to spread what works and what doesn't when it comes to hardware under Linux.

http://www.phoronix.com/lch

sábado, julho 15, 2006

Dell laptop explodes at Japanese conference


A laptop reported to be a Dell burst into flame and was caught on camera during a recent Japanese conference. Guess this laptop could be a poster child to prove that laptops really can cause sterility if they are on your lap. :-)

Fully Open Source NTFS Support Under Linux

The Linux NTFS project has released a beta version of its fully open source userspace (using FUSE) 3G-Linux NTFS support driver. According to the developer, this driver beats hands down other NTFS support solutions performance-wise (including commercial Paragon NTFS driver and also Captive NTFS, which is using windows ntfs.sys driver under WINE).

http://www.linux-ntfs.org

terça-feira, julho 04, 2006

The Ten Most Critical Wireless and Mobile Security Vulnerabilities

1. Default WiFi routers: By default, wireless routers are shipped in an un-secured state.

2. Rogue Access Points: set up an authorized access point, without informing the network administrator.

3. Wireless Zero Configuration: When a computer connects to an access point, it generally stores the details of that connection locally. The next time the computer is turned on, the wireless network card immediately looks for the connection and re-establishes the connection. Since the SSID value is sent as plain text, anyone with a sniffer can see it. Programs like Karma automate this process.

4. Bluetooth exploits: BlueSnarfing, BlueBugging, BlueJacking, BlueTooth DoS attacks.

5. WEP Weaknesses: passwords can easily be cracked using Airsnort.

6. Clear Text Encryption Passwords: Some of the most popular mobile encryption programs even store the password in plain text in the registry.

7. Malicious Code: "Airborne" mobile viruses.

8. Autorun: Windows Mobile devices contain a little-known autorun feature that can provide an attacker with a quick and easy method of infection. When a media card is inserted into the PDA, Windows Mobile will copy over the autorun.exe (if it exists), create a copy in the /Windows directory, and execute it. A user can prevent this by creating a read-only dummy executable called autorun.exe and put it in the /Windows folder.

9. Multiple VoIP attacks: VoIP is mostly sent in an unencrypted format. As a result, anyone can see the connection information and capture/record the conversation. Programs like VoMiT and Cain & Abel can easily capture and record conversations. Other programs like sipbomber can kick a user offline. In addition, SiVus (a VoIP scanner) can quickly locate VoIP enabled systems.

10. Lost and stolen devices: All mobile databases should be encrypted. A good, written security policy and user education are also important. Mobile devices should all have a login copyright banner, along with return information.


Fonte: Help Net Security ( http://www.net-security.org/article.php?id=927&p=1 )

segunda-feira, julho 03, 2006

Partimage

Partition Image is a Linux/UNIX utility which saves partitions in many formats (see below) to an image file. The image file can be compressed in the GZIP/BZIP2 formats to save disk space, and split into multiple files to be copied on removable floppies (ZIP for example), ... Partitions can be saved across the network since version 0.6.0.

http://www.partimage.org