Tag Archives: security

What Enterprise-grade really means

Recently S. Lott published a post on what’s a clear definition of Enterprise-level applications. Even though I agree with him that “Enterprise-scale” definition has been streched by marketing to mean about anything, I have to disagree with his conclusions: The fact that an enterprise running a mission-critical piece of software can actually survive to bad […]

Posted in Coding | Also tagged , , , , , , | Leave a comment

Top 25 vulnerability RSS feeds

One way to receive up-to-date reports about vulnerability issues is subscribing to vulnerability RSS feeds: they update on demand, they don’t rely on your mail subsystem and they don’t fill up your mailbox. The only drawback is that you could miss alerts if you don’t sync your feeds for a long time, but if you’re […]

Posted in Sysadmin, Tips | Also tagged , , , , , , , , , , , , , , , | 1 Comment

LUKS mermaids of remote unlock

Recently, I’ve browsed several how-to’s regarding the possibility of unlocking a LUKS root volume remotely using an SSH connection. For reference, the first of its kind is the one for Debian, published at Coulmann.de. Some of these how-to’s were posted to forums and mailing-lists and received many thankful comments from sysadmins wondering how to make […]

Posted in Rants, Sysadmin | Also tagged , , , , , , | 6 Comments

Windows back-to-the-future bug

According to this advisory written by Tavis Ormandy, Windows has been exposed to a vulnerability for over 15 years! Microsoft will only release a patch for supported products, so if you have any Windows 2000 or earlier in your lab, the only way to fix is disabling DOS and WOWEXEC.

Posted in Sysadmin | Also tagged , , | Leave a comment

Security through obscurity

If anyone ever, ever, ever dares saying again that open-source-ness is not relevant to security assessment (or worse, that it’s counter-productive), I will kick them to China. Freedom of choice, yeah right.

Posted in Sysadmin | Also tagged , , , , | 2 Comments