Four new OpenSSL security vulnerabilities have been reported. According to the OpenSSL website, these are the vulnerabilities…
Archive for the ‘Security’ Category
OpenSSL vulnerabilities in ASN.1 parsing
Wednesday, October 1st, 2003
OpenSSH Security Advisory (from openssh.org)
Tuesday, September 16th, 2003
All versions of OpenSSH’s sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively.
Preventing users from changing the owner of files
Wednesday, September 10th, 2003
As you probably know, the chown command provides a way for the owner of a file to change the ownership of that file. In some circumstances (e.g. you want to know who created each file on your systems) you will want to avoid this behaviour.
Disabling remote login
Wednesday, September 10th, 2003
For security reasons, sometimes you’ll want to allow root logins only from the console on your Solaris box. The following tip shows you how to do it.
Simply edit /etc/default/login and add the following line:
CONSOLE=/dev/console
This will disable root logins over rlogin or telnet.
Martian address errors
Sunday, September 7th, 2003
Martian address errors occur when someone tries to connect to your system from the internet with incorrect IP addresses, such as non-routable or spoofed IP addresses.
Restricted OpenSSH users
Friday, August 29th, 2003
Did you know that OpenSSH allows you to restrict users from accessing your machine?
By default, OpenSSH allows logins for anyone with a shell and valid password. Imagine a mail server where mail users have a system account. If you would like to deny access to some of them, OpenSSH provides a means of doing so.
Disable replies to broadcast pings
Monday, August 25th, 2003
Some types of DoS (Denial of Service) attacks (e.g. smurf, fraggle) use IP directed broadcasts in combination with echo protocols and spoofed packets to generate multiplied traffic streams.
Web bugs (spam)
Sunday, August 10th, 2003
A web bug is a common technique designed to monitor who is reading a web page or email message. It is also known as a clear GIF, 1-by-1 GIF or invisible GIF.
OpenSSH: disable root access
Sunday, August 3rd, 2003
Is your mail server an “open mail relay”?
Monday, July 14th, 2003
An open mail relay, or simply an open relay, is a mail server that allows non-local users to send mail to other non-local users. That is, the mail server processes mail messages where neither the sender nor the recipient is a user of the local mail system. This is the perfect scenario for spammers to abuse your system.