Blog Posts Tagged with "SSH"


Webcast: How Gaps In SSH Security Create an Open Door for Attackers

October 27, 2014 Added by:InfosecIsland News

Please join us on Thursday, Oct. 30th at 1PM ET for a special webcast on how Gaps In SSH Security Create an Open Door for Attackers.

Comments  (0)


Let Me out Of Your .NET Work: Server Build

September 19, 2012 Added by:Rob Fuller

First you have to get rid of all other services. That’s harder than you would first assume, because you have to admin the box some how. You could toss SSH on a really high port, or have some kind of backend management, or just remove things from running on a multi-IP’d box...

Comments  (0)


ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)


Assessment of Visual Voicemail Security

March 19, 2012 Added by:Enno Rey

After activation of the VVM feature, the configuration file is stored containing the username, protocol, state of the account and the server IP. Having the username and server IP an attacker can run brute force attacks against the email server which is exposed to the Internet...

Comments  (6)


Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)


ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)


Duqu Servers Included Hacked Linux Systems

December 01, 2011 Added by:Dan Dieterle

Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows that Linux is vulnerable to hackers. With a growing install base, supplanting Windows in many facilities, expect it to become even more of a target...

Comments  (0)


Confusing Inconvenience for Enterprise Security

October 21, 2011 Added by:Rafal Los

When a problem that has been ignored for years suddenly causes immense pain, the result is an often a rash reaction that is grounded in fear and 'the need to do something' rather than a sane approach to securing assets, leading mostly to inconvenience and not better security....

Comments  (0)


When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by:Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...

Comments  (0)


X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)


Increase in SSH Brute Force Username Guessing

March 23, 2011 Added by:Ted LeRoy

The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...

Comments  (15)


Tips for Deploying Secure Shell in Linux and UNIX

January 10, 2011 Added by:Jamie Adams

Secure Shell is the best method for remote access due to its flexibility and security. It makes it attractive for system administrators as well as system developers and architects. The ability to easily execute commands on remote systems and retrieve files over “secure” channels is seductive...

Comments  (14)


Protecting Against Firesheep with Strict Transport Security

December 27, 2010 Added by:Bozidar Spirovski

Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...

Comments  (0)


Jailbreak SSH Horrors Strike Back

August 09, 2010 Added by:Rob Fuller

This recent jailbreak was using a website, the individuals running that site now have the IP address of freshly jailbroken iPhones and iPads. I am not saying that they have any ill intentions, but sites have been broken into before, and that would be one hell of a gold mine...

Comments  (0)