How To Harden PHP5 With Suhosin On CentOS 5.4

This tutorial shows how to harden PHP5 with Suhosin on a CentOS 5.4 server. From the Suhosin project page: “Suhosin
is an advanced protection system for PHP installations that was
designed to protect servers and users from known and unknown flaws in
PHP applications and the PHP core. Suhosin comes in two independent
parts, that can be used separately or in combination. The first part is
a small patch against the PHP core, that implements a few low-level
protections against bufferoverflows or format string vulnerabilities
and the second part is a powerful PHP extension that implements all the
other protections.”

read more from this topic.....

Ever accidentally left your front door ajar and had a pet escape? [BlackCow] came up with a simple solution to this problem. The circuit is fairly rudimentary but a great example of using the basics to get the job done. Now, instead of having an alarm that sounds as soon as the door is open, he has [...]

read more from this topic.....

read more from this topic.....

read more from this topic.....

Among the important benefits of Linux’s permission hierarchy is its ability to keep untrusted users from running amok. The all-or-nothing nature of root access, however, can present headaches when users are trusted, but only so far. That is a problem the sudo utility attempts to solve, and does so fairly well — except for the occasional glitch. more>>

read more from this topic.....

read more from this topic.....

read more from this topic.....

How To Enforce YouTube Safety Mode To Block Objectionable Content With SafeSquid Content Filtering Proxy

Google recently announced ‘Safety Mode’ for YouTube. When you opt in
to Safety Mode, videos containing mature content, objectionable
material, or age restrictions will be
filtered out of the site’s search results. If a user inputs a direct
link to a mature video, Safety Mode blocks viewing. You also have the
option of ‘locking’ Safety Mode. When you
see the ‘Safety Mode’ option at the bottom of any YouTube video page,
you can choose to opt in to the service and lock that preference with
your YouTube account password (you have
to be logged in). That setting will be locked until the password is
input to change it. It can not be unlocked by any other YouTube account.

read more from this topic.....

read more from this topic.....

read more from this topic.....

$30,000?
Is it art or is it a puzzle? Well, it functions as a game but it’s certainly a work of art and priced accordingly. The Superplexus was featured in Make Mazine and Hammacher Schlemmer sells it for thirty grand (you can’t just click to add it to your cart though). Think of the work that [...]

read more from this topic.....

read more from this topic.....

Another exploit has been found in the Chip and PIN system.  The exploit is a man-in-the middle attack that wouldn’t take too much know-how to pull off. You can watch the BBC report on the issue or check out the paper (PDF) published by the team that found the vulnerability. A stolen card resides in [...]

read more from this topic.....

How To Set Up MySQL Database Replication With SSL Encryption On Ubuntu 9.10

This tutorial describes how to set up database replication in MySQL
using an SSL connection for encryption (to make it impossible for
hackers to sniff out passwords and data transferred between the master
and slave). MySQL replication allows you to have an exact copy of a
database from a master server on another server (slave), and all
updates to the database on the master server are immediately replicated
to the database on the slave server so that both databases are in sync.
This is not a backup policy because an accidentally issued DELETE
command will also be carried out on the slave; but replication can help
protect against hardware failures though.

read more from this topic.....

How To Add Two-Factor Authentication To Openvpn AS With The WiKID Strong Authentication Server

It’s been a while since our last tutorial on how to add two-factor authentication to OpenVPN using the WiKID Strong Authentication System.
The people at OpenVPN have been very active lately and it seems like a
good time to take a look at what they’ve done. It’s still dead simple
to configure, but it is mostly done via the new slick web interface.

read more from this topic.....

Apparently it’s been around for fifteen years but using foil impressions to pick locks is new to us. This is similar to using bump keys but it works on locks that are supposedly much more secure. This method uses a heavy gauge aluminum foil to grab and hold the pins in the correct place for [...]

read more from this topic.....

Configuring Active Directory Or LDAP Authentication And Defining User Or Group Based Access With SafeSquid

This tutorial explains how you can integrate an Active Directory or
LDAP with SafeSquid for user authentication, and create granular user or group based access
policies. This tutorial applies to both, Linux and Windows editions.

read more from this topic.....

[Segher] has reverse engineered the hardware and command set for the NES CIC chips. These chips make up the security hardware that validates a cartridge to make sure it has been licensed by Nintendo. Only after authentication will the console’s CIC chip stop reseting the hardware at 1 Hz. The was no hardware information available [...]

read more from this topic.....

How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny

This article explains how you can set up an SSL vhost under Apache2
on Ubuntu 9.10 and Debian Lenny so that you can access the vhost over
HTTPS (port 443). SSL is short for Secure Sockets Layer and
is a cryptographic protocol that provides security for communications
over networks by encrypting segments of network connections at the
transport layer end-to-end. We use the mod_ssl Apache module here to provide strong cryptography for Apache2 via SSL by the help of the Open Source SSL toolkit OpenSSL.

read more from this topic.....

Setting Up ProFTPd + TLS On Ubuntu 9.10 (Karmic Koala)

FTP is a very insecure protocol because all passwords and all data
are transferred in clear text. By using TLS, the whole communication
can be encrypted, thus making FTP much more secure. This article
explains how to set up ProFTPd with TLS on an Ubuntu 9.10 server.

read more from this topic.....

Dansguardian Content Filtering With Transparent Proxy On Ubuntu 9.10 Karmic

This tutorial explains how you can add content filtering to an
existing Ubuntu 9.10 system, and how you can prevent users from
bypassing the filtering system. We will use Dansguardian content
filtering to set up a transparent proxy.

read more from this topic.....

[over9k] used his Arduino to set up a laser trip wire. The laser is mounted along side the Arduino, reflects off of a mirror, and shines on a photoresistor that interfaces via a voltage divider. The signal from the voltage divider is monitored for a change when the laser beam is broken. [over9k] set things [...]

read more from this topic.....

[Karsten Nohl], with a group of security researchers has broken the A5/1 Stream Cipher behind GSM. Their project web site discusses their work and provides slides(pdf) presented at 26C3. A5/1 has had known vulnerabilities for some time now and is scheduled to be phased out for the newer KASUMI or A5/3 block cipher. This should [...]

read more from this topic.....

read more from this topic.....

read more from this topic.....

read more from this topic.....

read more from this topic.....

read more from this topic.....

Block Spam, Preventing URL Injection And Block HTTP Attacks With mod_dnsblacklist

mod_dnsblacklist is a Lighttpd module that use DNSBL in order to
block spam relay via web forms, preventing URL injection, block http
DDoS attacks from bots and generally protecting your web service
denying access to a known bad IP address.

read more from this topic.....

read more from this topic.....