
Security There are 10 posts in this category


A new customer called me and mentioned he was being billed for calls that he wasn’t making on his Asterisk-based PBX system. I knew right away that his system had likely been compromised, and this wasn’t anything out of the ordinary for us to tackle. As I dug in, it looked to be an unpatched version of Elastix that had a simple compromise, and someone was using it to make phone calls. The system was reconstructed, and is now back in working order. However, what I also found during the investigation is the Asterisk configuration was set to record inbound …


As is probably obvious from our blog posts on Yubikey SSH/WordPress two factor authentication and Google Authenticator SSH two factor authentication, we at MNX Solutions are big proponents of multi-factor authentication schemes to add security to infrastructure. On the other side of things, though, we have to be agile system administrators in order to offer customers efficient and timely service when a problem occurs. While we still really enjoy our Yubikeys (especially for WordPress), we've found that the offering from Ann Arbor, MI based Duo Security is the one for us. Numerous Points of Integration Directly related to us, Duo easily integrates …


I wrote a post about using Google Authenticator for SSH a month ago. After writing this post, I started looking at other solutions in the space for two factor authentication. Yubikeys are USB based, and require no device drivers. They work with Mac, Linux, or Windows and are priced starting at $25 each. Compared to the security gained -- Yubikeys are inexpensive. If you're going to be at the Indiana Linux Fest this coming weekend (March 25-27th 2011), stop by and visit us -- we have extra Yubikeys to spare. Configuring WordPress For Two Factor Authentication Configuring SSH For Two Factor Authentication Configuring …


Last week, Google enabled two factor authentication for everyone. This article explains how to install and configure Google Authenticator in conjunction with SSH for two factor authentication. Two-factor authentication relies on something you know (a password) and something you have (your phone). Update: I have posted another article describing this same implementation with a Yubikey. You can use this existing implementation and Google Authenticator application with SSH via an included PAM in the Google Authenticator open source application. Download the Google Authenticator application First, download and install Google Authenticator on your iPhone/Android/BlackBerry. Compile, install, configure Google Authenticator PAM You may need a few dependencies. …


A privilege escalation vulnerability exists in Exim, the mail transfer agent used by cPanel & WHM. All MNX Solutions customers have been patched, and are no longer vulnerable to this privilege escalation vulnerability. If you are not an MNX Solutions customer, you should read the following page for details on how to correct the problem: From http://mail.cpanel.net/pipermail/news_cpanel.net/2010-December/000060.html: To resolve and work around the issue, for Linux-based systems cPanel has issued new Exim RPMs. The new version of Exim locks configuration file locations to the /etc/exim prefix as well as disabling use of the -D flag. Server Owners are strongly urged to upgrade to the …


PHP is a fantastic web development language if for no other reason than its low learning curve to create dynamic, database-driven web sites quickly. For this reason and others, there has been an obvious influx of web developers ready to hire on to create your company's next web application or site. Just like any other employee, contractor or otherwise, you want to be sure that the work being done isn't just quickly thrown together by a novice, but that there is consideration with regard to appropriate programming practices and security being thought of during development. Update: Read Part #2 here and Part #3 …


A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences. ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521 All MNX Solutions Linux Server Management customers have been patched. Plesk 9.5 and 10 include this vulnerability. ALL CURRENT PLESK VERSIONS ARE VULNERABLE. Updating to ProFTPD version 1.3.3c or disabling FTP services is the only solution to this vulnerability. ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The …


What if you had to let someone go tomorrow for some unforeseen reason? Would you know all of the points that this person or company has access to? How can you be certain unless you keep track of these locations? Even if you know all the locations, do you understand the impact of modifying the user's access? Was this user's access tied to a critical cron job? Was this user account tied to MySQL access for performing monthly billing? What if this employee happened to own one of your domain names? Surprisingly, we see scenarios like this …


It has been mentioned in many places on the web that a vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. The folks over at Ksplice have put together a patch that fixes this vulnerability, and a tool to check if your system has been compromised. More detail is available on the Ksplice Blog. Red Hat / CentOS You can read the Red Hat Bugzilla info associated with CVE-2010-3081 here: https://bugzilla.redhat.com/show_bug.cgi?id=634457. Details from the bug report The Red Hat Enterprise Linux 4 kernel is not affected by the publicly circulated exploit, but …


Every week at MNX Solutions we handle issues from server security and patch management to system recovery and performance tuning. In this blog series, we will review a number of firewall best practices that you can implement today on your server infrastructure. First things first, do you utilize a firewall on your server? If your answer is "no" or you are not sure, this should be one of your top priorities. You have two major choices for a firewall: hardware or software. A quick note on hardware vs. software firewalls Hardware firewalls can protect every machine on a local network (on the inside or DMZ …
