7 posts tagged 'Update'

  1. 2010.03.04 Update Snort by CEOinIRVINE
  2. 2009.03.18 Ahead of the Bell: Analysts cheer iPhone update by CEOinIRVINE
  3. 2008.12.18 Red Hat Update for Kernel by CEOinIRVINE
  4. 2008.12.17 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities by CEOinIRVINE
  5. 2008.12.10 EA Expects Low Profits, Job Losses by CEOinIRVINE
  6. 2008.11.22 Meta Data: iPhone 2.2 by CEOinIRVINE
  7. 2008.10.31 CentOS Update Server and Local Repository by CEOinIRVINE

Update Snort

Hacking 2010. 3. 4. 09:05
2010.3.3 Wed

Once Snort is installed, it still needs the Snort signature rules, and those rules have to be kept up to date.
Fortunately there is a Perl script that does most of this work for us: Oinkmaster.

#apt-get install oinkmaster
Install or update the rules.

To download the Snort rules, we need to create a free account on the Snort website.
The rules are written by Sourcefire; registered users get them for free a few days after they are released to commercial subscribers.

Once you are logged into your Snort account, you can get a code (the "oinkcode") at the bottom of the page.

We need this code in the /etc/oinkmaster.conf file. Treat it as a credential: it is sent as part of the download URL, so keep the file readable only by the user that runs oinkmaster (owner oinkmaster, mode 600).

You need first to know which Snort version you have:

# snort -V
which generates the following output on our test machine:

,,_ -*> Snort! <*-
o" )~ Version 2.3.2 (Build 12)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2004 Sourcefire Inc., et al.


Modify the "url" setting in the /etc/oinkmaster.conf file as below (one line):

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/snortrules-snapshot-2.3.tar.gz

This will download the snortrules-snapshot-2.3.tar.gz file. The version number in the file name must match the Snort version you run (2.0, 2.1, 2.2, 2.3 or 2.4): rules written for a newer engine may use options an older Snort cannot parse.

If you have a 2.6.x Snort version, configure the "url" setting as below (one line):

url = http://www.snort.org/pub-bin/oinkmaster.cgi/yourcode_here/snortrules-snapshot-CURRENT.tar.gz
Let's create a backup folder.

#mkdir /etc/snort/backup
Let us now update the rules. We must be careful not to run oinkmaster as root, particularly outside a test environment: it downloads and unpacks a tarball from the network, so it should get its own unprivileged user.
So let's add a user called oinkmaster.

#useradd oinkmaster
Give that user ownership of the directories oinkmaster writes to, and make snort.conf readable to it:

#chown -R oinkmaster /etc/snort/backup
#chown -R oinkmaster /etc/snort/rules
#chown -R oinkmaster /var/run/oinkmaster
#chmod 644 /etc/snort/snort.conf
Now it is time to test the oinkmaster Perl script under the oinkmaster user.

# su oinkmaster
oinkmaster$ oinkmaster -o /etc/snort/rules -b /etc/snort/backup
This runs the oinkmaster script with /etc/snort/rules as the output directory (-o) and /etc/snort/backup as the backup directory (-b): if the downloaded rules differ from the current ones, the current /etc/snort/rules is archived into /etc/snort/backup before it is replaced.

Here is a example of our backup folder after running oinkmaster:

# ls /etc/snort/backup
rules-backup-20060205-163627.tar.gz

The crontab

Since we are quite lazy, we do not want to run this script by hand every day.
A small cron job will do it for us. As root:

crontab -e -u oinkmaster
30 00 * * * oinkmaster -o /etc/snort/rules -b /etc/snort/backup > /dev/null 2>&1
This updates the rules every day at 00:30.
(The crontab command writes the /var/spool/cron/crontabs/oinkmaster file.)
The redirection sends both stdout and stderr to /dev/null, which also hides download and permission failures; if you want a record, redirect to a log file the oinkmaster user can write to instead.

crontab -e opens nano by default. If you prefer vi, set the editor first:
# export EDITOR=vi
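The steps above, wrapped into a cron-friendly script, as an added example that is not part of the original post: it derives the snapshot name from the `snort -V` banner, refuses to run as root or with an oinkmaster.conf that others can read (the code in it is a credential), keeps oinkmaster's output in a log instead of /dev/null, and, when the rules changed, runs `snort -T` against the configuration before anyone reloads the sensor. The script name oinkupdate.sh, the log path /var/log/oinkmaster.log and the use of `snort -T -c` as the configuration test are assumptions, not taken from the post.

```shell
#!/bin/sh
# oinkupdate.sh: cron wrapper around oinkmaster. Added example, not part of
# the original post. Assumed (not in the original): the log path and the use
# of `snort -T -c` to test the configuration after a rule update.

OINK_CONF=/etc/oinkmaster.conf
RULES_DIR=/etc/snort/rules
BACKUP_DIR=/etc/snort/backup
SNORT_CONF=/etc/snort/snort.conf
LOG=/var/log/oinkmaster.log   # assumed path; must be writable by the oinkmaster user

# Extract the version number from the `snort -V` banner on stdin
# ('o" )~ Version 2.3.2 (Build 12)' -> 2.3.2).
parse_snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Map a Snort version to the rules snapshot named in the oinkmaster "url"
# setting: 2.0 to 2.4 use a major.minor snapshot, later releases (the post
# shows 2.6.x) use snortrules-snapshot-CURRENT.tar.gz.
snapshot_for_version() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -eq 2 ] && [ "$minor" -le 4 ]; then
        echo "snortrules-snapshot-$major.$minor.tar.gz"
    else
        echo "snortrules-snapshot-CURRENT.tar.gz"
    fi
}

# Build the url line for /etc/oinkmaster.conf from the oinkcode and snapshot name.
oink_url_line() {
    echo "url = http://www.snort.org/pub-bin/oinkmaster.cgi/$1/$2"
}

# The oinkcode in oinkmaster.conf is a credential: refuse to run if the file
# is missing or readable/writable by group or others.
conf_is_private() {
    [ -e "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    case $perms in
        *[rw]*) return 1 ;;
    esac
    return 0
}

# Run oinkmaster with its output kept in the log rather than /dev/null.
# oinkmaster writes a backup tarball only when the rules changed, so a new
# file in BACKUP_DIR tells us whether there is anything to reload.
# Returns 0 if the rules changed, 1 if unchanged, 2 if oinkmaster failed.
update_rules() {
    before=$(ls "$BACKUP_DIR" | wc -l)
    oinkmaster -o "$RULES_DIR" -b "$BACKUP_DIR" >> "$LOG" 2>&1 || return 2
    after=$(ls "$BACKUP_DIR" | wc -l)
    [ "$after" -gt "$before" ]
}

main() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to run as root; run as the oinkmaster user" >&2
        exit 1
    fi
    if ! conf_is_private "$OINK_CONF"; then
        echo "$OINK_CONF is readable by others; chown oinkmaster and chmod 600 it" >&2
        exit 1
    fi
    update_rules
    case $? in
        0)  # New rules: check that snort still parses its config before it is reloaded.
            if snort -T -c "$SNORT_CONF" >> "$LOG" 2>&1; then
                echo "rules updated and config test passed; reload snort (kill -HUP) as root" >> "$LOG"
            else
                echo "new rules fail snort -T; see $LOG and the backup in $BACKUP_DIR" >&2
                exit 1
            fi ;;
        1)  echo "no rule changes" >> "$LOG" ;;
        *)  echo "oinkmaster failed; see $LOG" >&2; exit 1 ;;
    esac
}

# Run main only when invoked as the script itself, so the functions can be
# sourced and exercised without touching a live system.
case $0 in
    *oinkupdate.sh) main "$@" ;;
esac
```

Put it in the oinkmaster user's crontab in place of the bare oinkmaster call. The running Snort process belongs to root, so the oinkmaster user cannot send it SIGHUP; the script therefore only records that a reload is due and leaves the reload itself to root.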

Posted by CEOinIRVINE

Ahead of the Bell: Analysts cheer iPhone update


Apple Inc.'s new iPhone operating system should help the company win a larger share of customers buying smart phones, analysts said.

Thomas Weisel analyst Doug Reid said Apple's presentation on the new features Tuesday left him "more confident that (Apple) remains well positioned to gain share in the smart phone market."

In a client note Tuesday, he estimated the Cupertino, Calif. company will capture 11.8 percent of that market this year, up from 7.7 percent in 2008. He kept an "Overweight" rating on shares.

Apple's new software will allow users to cut and paste text for the first time and offers new tools to third-party software makers, including the ability to create applications that have items for sale within them and access to customers' iTunes library of songs.

Needham & Co. analyst Charlie Wolf told clients in a note Wednesday that the new system shows "that Apple is not standing still but continues to build on its leadership in the smart phone operating system and application software market." He kept a "Strong Buy" rating on the shares.

Copyright 2009 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.



Red Hat Update for Kernel

Hacking 2008. 12. 18. 11:57
Secunia Advisory: SA33201
Release Date: 2008-12-17

Critical: Moderately critical
Impact: Privilege escalation, DoS
Where: From remote
Solution Status: Vendor Patch

OS: Red Hat Enterprise Linux AS 3, ES 3, WS 3

CVE references: CVE-2007-6063, CVE-2008-0598, CVE-2008-2136, CVE-2008-2812, CVE-2008-3275, CVE-2008-3525, CVE-2008-4210


Description:
Red Hat has issued an update for the kernel. It fixes a security issue and several vulnerabilities that malicious local users can exploit to cause a DoS (Denial of Service) or gain escalated privileges, and that malicious people can exploit remotely to cause a DoS.

For more information: SA25895, SA27842, SA30241, SA31048, SA31366

Solution:
Updated packages are available via Red Hat Network: http://rhn.redhat.com

Original Advisory:
RHSA-2008-0973: http://rhn.redhat.com/errata/RHSA-2008-0973.html

Other References:
SA25895: http://secunia.com/advisories/25895/
SA27842: http://secunia.com/advisories/27842/
SA30241: http://secunia.com/advisories/30241/
SA31048: http://secunia.com/advisories/31048/
SA31366: http://secunia.com/advisories/31366/

Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Secunia Advisory: SA33179
Release Date: 2008-12-16

Critical: Highly critical
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X

CVE references: CVE-2008-1391, CVE-2008-3623, CVE-2008-4217, CVE-2008-4218, CVE-2008-4219, CVE-2008-4220, CVE-2008-4221, CVE-2008-4222, CVE-2008-4223, CVE-2008-4224, CVE-2008-4234, CVE-2008-4236, CVE-2008-4237, CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824

Description:
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) An infinite loop when processing certain embedded fonts in PDF files within the Apple Type Services server can be exploited to cause a DoS (Denial of Service) by e.g. tricking a user into opening a malicious PDF file.

2) A signedness error when handling certain CPIO archive headers exists within BOM. This can be exploited to execute arbitrary code by e.g. downloading or viewing a specially crafted CPIO archive.

3) An error within the processing of color spaces within CoreGraphics can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into viewing a specially crafted image.

Successful exploitation may allow the execution of arbitrary code.

4) Some security issues and vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information.

For more information:
SA32270

5) Multiple integer overflows exist within the "i386_set_ldt()" and "i386_get_ldt()" system calls, which can be exploited by malicious, local users to execute arbitrary code with system privileges.

Note: This does not affect PowerPC systems.

6) An infinite loop when handling exceptions in an application linked to libraries on an NFS share can be exploited to cause a system shutdown.

7) An integer overflow error exists in the "inet_net_pton()" API of Libsystem. This can potentially be exploited to e.g. compromise an application using the vulnerable function.

8) An unspecified error when processing certain input within the "strptime()" API of Libsystem can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. passing a specially crafted date string to an application using the vulnerable function.

9) The "Managed Client" functionality does not always apply the managed screen saver settings correctly, potentially resulting in e.g. the screen saver lock not working as intended.

10) An infinite loop when processing certain TCP packets exists in natd, which can be exploited to cause a DoS by sending specially crafted TCP packets to a vulnerable system.

Successful exploitation requires that Internet Sharing is enabled.

11) An unspecified error within the Podcast Producer server can be exploited to bypass the authentication mechanism and access administrative functions.

12) An unspecified error within the handling of malformed UDF volumes can be exploited to cause a system shutdown by e.g. opening a specially crafted ISO file.

Additionally, this update enhances the CoreTypes "Download Validation" capability to detect and warn about more potentially dangerous file types.

Solution:
Update to Mac OS X 10.5.6 or apply Apple Security Update 2008-008.
http://www.apple.com/support/downloads/

Provided and/or discovered by:
1) The vendor credits Michael Samarin and Mikko Vihonen, Futurice Ltd
2, 3, 8) Reported by the vendor.
5) The vendor credits Richard Vaneeden, IOActive, Inc
6) The vendor credits Ben Loer, Princeton University
9) The vendor credits John Barnes of ESRI and Trevor Lalish-Menagh of Tamman Technologies, Inc
10) The vendor credits Alex Rosenberg of Ohmantics and Gary Teter of Paizo Publishing
12) The vendor credits Mauro Notarianni of PCAX Solutions

Original Advisory:
http://support.apple.com/kb/HT3338

Other References:
SA32270:
http://secunia.com/advisories/32270/




EA Expects Low Profits, Job Losses

This is a transcript of the Market Update: Afternoon Outlook.

Look out for Electronic Arts on Wednesday, after the videogame maker warned that 2009 profits will fall below expectations amid weak holiday sales. The company behind Madden NFL said it will pursue job cuts and reduce its portfolio to save money. The company's CEO said he was disappointed that the holiday slate was not meeting sales expectations.

Investors will be keeping an eye on Wal-Mart (NYSE: WMT). On Tuesday, the world's largest retailer suspended its share buyback program, citing the poor economy and the troubled credit markets. According to reports, Wal-Mart is also preparing to sell Apple's (NASDAQ: AAPL) iPhone later this month.

Meanwhile, the fight for Detroit rages on. Lawmakers are still sparring on the terms of a possible $15 billion bailout. There is concern that the deal does not have enough support in the Senate. Both General Motors (NYSE: GM) and Ford (NYSE: F) fell more than 4% on Tuesday.

Wednesday will be light on economic and earnings news, but Korn/Ferry, CKE Restaurants (NYSE: CKR) and FuelCell Energy (NASDAQ: FCEL) are all set to report.




Meta Data: iPhone 2.2

Business 2008. 11. 22. 07:23

Brian Caulfield, 11.21.08, 04:40 PM EST

Apple's software update promises improved call quality and adds Google Street View.

Apple released a free software update for the iPhone on Friday, and it's packed with updates big and small.

In addition to fixes meant to improve the phone's call quality and reduce dropped calls (see "The iPhone Isn't A Great Phone"), the software is chock full of the little touches that should leave Apple (NASDAQ: AAPL) fanboys fiddling with their phones for days.

The headliner: the addition of Google Street View for Google Maps. The feature, seen first in T-Mobile's G1, which is powered by Google's Android software, gives users a handy sneak peek of where they're going from a street-level view.

The update is also full of smaller touches, however, such as the ability to download podcasts to the phone over a wireless connection, rather than synching the phone to a PC or Mac running Apple's iTunes software.

Other tweaks include the ability to return to the phone's home screen with the touch of a button--which is helpful now that users can fill their phones with multiple screens full of applications. Users can also turn off an auto-correction feature that had annoyed some users by suggesting substitutes for words they were attempting to type into the phone.


CentOS Update Server and Local Repository

If you have a large number of CentOS servers, it is a good idea to have private update repositories on the local network. If every server downloads the same update over the public network connection, a lot of bandwidth is wasted. Private repos not only save network throughput, they also give you a place to distribute your own custom RPM packages.

The first thing to do is get a full copy of the release version of the OS from the installation media. Find a mirror that has the DVD image at CentOS isos downloads, and compare the image with the checksum file published alongside it before using it. Here we are working with CentOS 5.2 64-bit.
# mkdir -p /repo/CentOS/5.2/iso
# cd /repo/CentOS/5.2/iso
# wget -c http://ftp.usf.edu/pub/centos/5.2/isos/x86_64/CentOS-5.2-x86_64-bin-DVD.iso
# mkdir -p /repo/CentOS/5.2/os/x86_64
# mount -o loop /repo/CentOS/5.2/iso/CentOS-5.2-x86_64-bin-DVD.iso /mnt
# rsync -avP /mnt/ /repo/CentOS/5.2/os/x86_64/
# umount /mnt
# ln -s 5.2 /repo/CentOS/5

Copy the whole DVD tree rather than only the CentOS/ package directory: yum needs the repodata/ directory that sits next to it. The symlink is needed because yum on a CentOS 5 client expands $releasever to 5, not 5.2, so the baseurl entries in the .repo file below resolve to /repo/CentOS/5/... on the server.


Now let's pull down all the latest updates from a mirror. You can find a good rsync mirror in the CentOS mirror list. rsync gives no integrity guarantee on its own, so the RPM signature check on the clients (gpgcheck=1 below) is what protects you if a mirror is compromised.
# mkdir -p /repo/CentOS/5.2/updates
# rsync -iqrtCO --exclude="*debuginfo*" --exclude="debug/" rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64 /repo/CentOS/5.2/updates/


Now that you have a local copy of the install media and all the latest RPMs, they should be shared out via http. For http access to the repo, install apache httpd and edit /etc/httpd/conf/httpd.conf, replacing instances of "/var/www/html" with "/repo". Make sure to update the "DocumentRoot" and "Directory" entries.
# yum -y install httpd
# vim /etc/httpd/conf/httpd.conf
# chkconfig httpd on ; service httpd start


We will also have to allow access through the repo server firewall for the local network. Edit /etc/sysconfig/iptables and add the line below before the final DROP statement, substituting your own subnet.
-A RH-Firewall-1-INPUT -s 192.168.1.0/255.255.255.0 -p tcp --dport 80 -j ACCEPT

and reload iptables:
# service iptables restart

On the systems that should receive updates, create a .repo file so the new repositories are used, substituting the IP of your own repo server. You also have to disable the repo file placed there by the installer, CentOS-Base.repo, otherwise yum would still pull from the public mirrors.
# cat /dev/null > /etc/yum.repos.d/CentOS-Base.repo
# vim /etc/yum.repos.d/internal.repo

# CentOS base from installation media
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://192.168.1.100/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
protect=1

# CentOS updates via rsync mirror
# rsync://mirror.cogentco.com/CentOS/5/updates/i386
# rsync://mirror.cogentco.com/CentOS/5/updates/x86_64
[update]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://192.168.1.100/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
protect=1

# locally built and misc collected RPMs
[local]
name=CentOS-$releasever - Local
baseurl=http://192.168.1.100/local/el$releasever/$basearch
enabled=1
gpgcheck=0
protect=0

Two points about this file. First, gpgcheck=1 is what protects clients against a tampered mirror, since the rsync transfer itself is unauthenticated; the gpgkey entries point at the copy of the CentOS signing key that the centos-release package installs locally, so verification keeps working with no outbound access and without trusting a key fetched over plain HTTP. Second, the local repo has gpgcheck=0, which means anything dropped into /repo/local gets installed as root on every client: restrict who can write there, and where possible sign your own packages (rpm --addsign) and turn gpgcheck on for that repo too.


I prefer to use yum via cron and on boot. Enable this with the following:
# yum -y install yum-protectbase yum-updateonboot yum-cron
# chkconfig yum-updatesd off ; service yum-updatesd stop
# chkconfig yum-updateonboot on
# chkconfig yum-cron on


Notice the "local" repository in the repo config above. This is a directory for our own custom RPMs; any RPMs placed there can be installed via yum on the other systems. Whenever new RPMs are placed in it, run createrepo to regenerate the metadata yum needs.
# mkdir -p /repo/local/el5/x86_64
# mv *.rpm /repo/local/el5/x86_64/
# createrepo -v --update /repo/local/el5/x86_64


Once there is a working repo server, updating the repo directories can be automated with a daily cron script:
# touch /etc/cron.daily/update_repo
# chmod +x /etc/cron.daily/update_repo
# vim /etc/cron.daily/update_repo

#!/bin/sh
# CentOS updates
echo "####### rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64"
/usr/bin/rsync -iqrtCO --exclude="*debuginfo*" --exclude="debug/" rsync://mirror.cogentco.com/CentOS/5.2/updates/x86_64 /repo/CentOS/5.2/updates/


Now the repo syncs daily with the latest updates, and your other systems pull and install them through yum-cron. Make sure to substitute your closest mirror. Enjoy your yum!
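Before pointing clients at the mirror it is worth checking that every baseurl in the .repo file resolves to a directory on the server that actually carries createrepo metadata, and which repos accept unsigned packages. The script below does that, as an added example rather than code from the original post. It assumes the post's layout (the tree under /repo served as the web root), that yum on a CentOS 5 client expands $releasever to 5 and $basearch to the architecture, and uses a constructed copy of the .repo file above as sample input; the script name repocheck.sh is likewise an assumption.

```shell
#!/bin/sh
# repocheck.sh: sanity checks for the local mirror before clients use it.
# Added example, not part of the original post. Assumes the post's layout
# (/repo served as the web root) and yum expanding $releasever to "5" and
# $basearch to the client architecture on CentOS 5.

REPO_ROOT=/repo

# Expand a yum baseurl into the directory httpd serves it from, e.g.
#   baseurl_to_path 'http://192.168.1.100/CentOS/$releasever/os/$basearch/' 5 x86_64
# gives /repo/CentOS/5/os/x86_64 (5, not 5.2: hence the symlink in the post).
baseurl_to_path() {
    url=$1; releasever=$2; basearch=$3
    path=${url#*://}        # drop the scheme
    path=${path#*/}         # drop the host
    path=$(printf '%s' "$path" |
        sed -e 's/\$releasever/'"$releasever"'/g' -e 's/\$basearch/'"$basearch"'/g')
    path=${path%/}          # drop a trailing slash
    printf '%s/%s\n' "$REPO_ROOT" "$path"
}

# yum only accepts a directory as a repo once createrepo metadata exists in it.
has_repo_metadata() {
    [ -f "$1/repodata/repomd.xml" ]
}

# List each section of a .repo file (stdin) with its gpgcheck value, so repos
# that install unsigned packages stand out. Output is "section value", sorted.
repo_gpgcheck_report() {
    awk '
        /^\[/ { sec = $0; gsub(/\[|\]/, "", sec); gc[sec] = "unset" }
        /^gpgcheck[ \t]*=/ { split($0, kv, "="); v = kv[2]; gsub(/[ \t]/, "", v); gc[sec] = v }
        END { for (s in gc) print s, gc[s] }' | sort
}

# Resolve every baseurl in a .repo file against REPO_ROOT and report which
# ones yum would actually be able to use. Returns 1 if any is missing.
check_repo_file() {
    file=$1; releasever=$2; basearch=$3
    rc=0
    for url in $(sed -n 's/^baseurl=//p' "$file"); do
        dir=$(baseurl_to_path "$url" "$releasever" "$basearch")
        if has_repo_metadata "$dir"; then
            echo "OK       $dir"
        else
            echo "MISSING  $dir/repodata/repomd.xml"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a client .repo file mirroring the one in the post,
# with gpgkey pointing at the key centos-release installs locally. Written to $1.
write_sample_repo() {
    cat > "$1" <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://192.168.1.100/CentOS/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[update]
name=CentOS-$releasever - Updates
baseurl=http://192.168.1.100/CentOS/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

[local]
name=CentOS-$releasever - Local
baseurl=http://192.168.1.100/local/el$releasever/$basearch
gpgcheck=0
EOF
}

main() {
    repo=${1:-/etc/yum.repos.d/internal.repo}
    echo "gpgcheck per repo (0 means unsigned packages are accepted):"
    repo_gpgcheck_report < "$repo"
    check_repo_file "$repo" "${2:-5}" "${3:-x86_64}"
}

# Run main only when invoked as the script itself, so the functions can be
# sourced and exercised against a scratch directory.
case $0 in
    *repocheck.sh) main "$@" ;;
esac
```

Run it on the repo server as `sh repocheck.sh /path/to/internal.repo 5 x86_64` after the rsync and createrepo steps; a MISSING line means a client would fail with a repodata error for that repo, and a "local 0" line in the report is the unsigned repo to keep an eye on.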
