similar to: What to do when you've been hacked?

2016 Jan 26
1
What to do when you've been hacked?
On Monday, January 25, 2016 11:56:19 AM Warren Young wrote: > On Jan 25, 2016, at 11:04 AM, Benjamin Smith <lists at benjamindsmith.com> wrote: > > We have a prospective client who is asking us what our policy is in the > > event of unauthorized access. > > Tell them you use the Mr. Miyagi defense: "Don't get hit." > > Your prospective client sounds like they're
2016 Jan 25
0
What to do when you've been hacked?
On Jan 25, 2016, at 11:04 AM, Benjamin Smith <lists at benjamindsmith.com> wrote: > > We have a prospective client who is asking us what our policy is in the event > of unauthorized access. Tell them you use the Mr. Miyagi defense: "Don't get hit." Your prospective client sounds like they're expecting someone to have established procedures to deal with breaches. You know who
2011 Oct 15
4
Thoughts regarding the database compromise....
1] not using secure http for log-ins seems a bit 20th century. 2] to join this mailing list, I needed to send my new credentials over unsecured http - see 1] above. 3] to change password from the compromised reset password, I need to use unsecured http - see 1] above. My point here is that if you are saddened, upset or concerned about the compromise, might the 3 above points also be on the list
2016 Jan 26
0
What to do when you've been hacked?
On Mon, January 25, 2016 19:12, Benjamin Smith wrote: > > Which I'd consider "best practices" and we do them. > They are specifically asking about what to do *after* a > breach. Despite all the best practices in > place, there's *still* some risk. > If someone wants in to your network then they will get in. There is no point in deluding yourself or your
2009 Mar 31
4
Tax Preparation with WINE
As approximately 130 million other US citizens, I am dutifully preparing for the April deadline for filing my income tax returns. Reviewing the WINE AppDB for installable tax software to help out in the process, it appeared that 2nd Story Software's TAX ACT was most likely to work with the WINE version (1.1.17) installed on my Mandriva-equipped HP laptop. As it turned out, TAX ACT was able
2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated servers that I've got hosted at other hosting companies (also CentOS, same version or almost),
2011 Oct 12
2
about the database hack
Hi, Just wanted to know if this also applies to the codeweavers website or only wineHQ was affected? Being wine a hosted codeweavers project it leads me to think the hackers may have compromised some of that info too. thanks for the honesty on the announcement and hope you can get everything sorted out :D -- X1R1
2013 May 24
5
Utility to scan for unpassworded SSH privkeys?
Hey all, Let's make an assumption: 1) I am a root user on a system. 2) I don't want said system being used as a jumping-off point if either a user account or the root account is compromised. Given an unencrypted private key, plus a known_hosts file, plus bash_history, it's a pretty easy avenue of attack once you're in the front door. And it's happened before*. Thus,
2015 Feb 06
2
anthem details
Hello Everyone, Does anyone have any more detail about what kind of system Anthem / Blue Cross was running and what kind of attack broke into their system? It's terrible that it happened, but I think it would benefit all Admins everywhere to learn how it happened so that we can secure our systems from a similar breach of information. Anyone know? Chris
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2020 Apr 22
6
Recommendations on intrusion prevention/detection?
Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice. Is there a
2003 Dec 12
3
SIPURA Breaches Contract
Hi list, Well I really didn't want to see things get to this point, but Sherman at Sipura along with their President Jan F. leave me no other choice. SIPURA has been provided a letter from our attorney for Breach of Contract and damages. They have yet to respond. A quick background. 1. Sherman (SIPURA's Director of Marketing), stated that we would do a joint press release for the Oct
2006 Dec 01
4
I've been hacked -- what should I do next?
My home system has been hacked. It's running CentOS 4.4, and I recently added an account to play around with Samba shares to back up PCs here at home. I had set a weak password for that account and forgot to disable it after my testing. I could hear the disk being accessed constantly, so I knew something was up. I disabled the port forwarding to my CentOS box on my Linksys router
2011 Oct 11
18
WineHQ database compromise
Hi, I am sad to say that there was a compromise of the WineHQ database system. What we know at this point is that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not know exactly how they obtained access; it was either by compromising an admin's credentials, or by exploiting an unpatched vulnerability in phpmyadmin. We had reluctantly provided access to phpmyadmin to the
2008 Feb 01
7
General questions about security
Hi, I admit I never gave security that much thought, that is, except the most basic security rules like choosing good passwords, or reasonable file and directory permissions. But now I have to change that, since I'll soon have to set up a dedicated production server for our public libraries. I wonder where to begin. I would say first thing is get a series of "auditing" tools
2008 Aug 22
2
RH's servers breached
What's the point on this for us, CentOS users ? http://www.redhat.com/security/data/openssh-blacklist.html Regards, kfx
2020 Oct 04
4
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Christoph Anton Mitterer wrote: > On Sat, 2020-10-03 at 19:44 +1000, Damien Miller wrote: > > Otherwise, feel free to ask me anything. > > Was it ever considered that the feature itself could be problematic, > security-wise? Of course we considered this. > I see at least two candidates: > - It's IMO generally a bad idea to distribute
2002 Feb 13
1
rsync over ssh and passwords
Hello everyone, I am trying to write a wrapper around rsync to do some automated file sync-ing between two servers. I am using ssh as the transport. How can I avoid the password prompt for ssh? I think I can configure ssh to not require passwords, but this would expose the obvious security risk. What are other users doing to get by this? Are there some tricks I can do in scripting that would allow
2015 Dec 13
2
CentOS and typical usage
On 12/13/2015 12:45 PM, Valeri Galtsev wrote: > On Sun, December 13, 2015 11:36 am, Alice Wonder wrote: >> >> >> On 12/13/2015 08:39 AM, Timothy Murphy wrote: >>> Alice Wonder wrote: >>>> One of the benefits of systemd is the dependency based parallel > startup. >>>> The same speed can often be achieved with system V init by fine tuning >
2019 Nov 14
2
how to know when a system is compromised
I have not, I'll look into that one, thanks! On 11/14/2019 9:48 AM, SternData wrote: > Do you run rkhunter? > > On 11/14/19 9:40 AM, Christopher Wensink wrote: >> How do you know when a Linux system has been compromised? >> >> Every day I watch our systems with all the typical tools, ps, top, who, >> I watch firewall / IPS logs, I have logwatch setup and