Blog Posts Tagged with "SSH"

Ffc4103a877b409fd8d6da8f854f617e

Webcast: How Gaps In SSH Security Create an Open Door for Attackers

October 27, 2014 Added by:InfosecIsland News

Please join us on Thursday, Oct. 30th at 1PM ET for a special webcast on how Gaps In SSH Security Create an Open Door for Attackers.

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Let Me out Of Your .NET Work: Server Build

September 19, 2012 Added by:Rob Fuller

First you have to get rid of all other services. That’s harder than you would first assume, because you have to admin the box some how. You could toss SSH on a really high port, or have some kind of backend management, or just remove things from running on a multi-IP’d box...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)

0f57a863af3b7e5bf59a94319a408ff7

Assessment of Visual Voicemail Security

March 19, 2012 Added by:Enno Rey

After activation of the VVM feature, the configuration file is stored containing the username, protocol, state of the account and the server IP. Having the username and server IP an attacker can run brute force attacks against the email server which is exposed to the Internet...

Comments  (6)

959779642e6e758563e80b5d83150a9f

Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Duqu Servers Included Hacked Linux Systems

December 01, 2011 Added by:Dan Dieterle

Be it brute force password hacking or another Stuxnet 0-Day, Duqu shows that Linux is vulnerable to hackers. With a growing install base, supplanting Windows in many facilities, expect it to become even more of a target...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Confusing Inconvenience for Enterprise Security

October 21, 2011 Added by:Rafal Los

When a problem that has been ignored for years suddenly causes immense pain, the result is an often a rash reaction that is grounded in fear and 'the need to do something' rather than a sane approach to securing assets, leading mostly to inconvenience and not better security....

Comments  (0)

85612d572d689128ab07f369ff934d02

When is "Secure File Transfer" Not Secure?

October 13, 2011 Added by:Jonathan Lampe

File transfer utilities copy files from point A to point B and many even use point-to-point transport technologies such as SSL/TLS or SSH. However, transport-level level encryption is rarely enough to provide the assurance required to comply with regulations, expectations or company policies...

Comments  (0)

85612d572d689128ab07f369ff934d02

X.509 Certificates vs. Webs Of Trust (e.g., PGP, SSH)

June 07, 2011 Added by:Jonathan Lampe

My belief is that WOT is fading, not just because PGP Corp was acquired, but also because PGP Corp itself was making or had made several technology decisions to integrate X.509 into PGP encryption and signing processes and even to act as an X.509 certificate authority...

Comments  (2)

E4b33dbe234685965beb3e9f2a0ad456

Increase in SSH Brute Force Username Guessing

March 23, 2011 Added by:Ted LeRoy

The crackers are using automated tools that scan for valid ssh logins using a username list. The sites and names that come up can be processed again, checking for weak passwords or brute force vulnerabilities. The tools and method are not new, but the number of attacks seems much higher lately...

Comments  (15)

4085079c6fe0be2fd371ddbac0c3e7db

Tips for Deploying Secure Shell in Linux and UNIX

January 10, 2011 Added by:Jamie Adams

Secure Shell is the best method for remote access due to its flexibility and security. It makes it attractive for system administrators as well as system developers and architects. The ability to easily execute commands on remote systems and retrieve files over “secure” channels is seductive...

Comments  (14)

E973b16363b3de77b360563237df7e32

Protecting Against Firesheep with Strict Transport Security

December 27, 2010 Added by:Bozidar Spirovski

Remember, this only protects you against sites that are either already using STS or sites that you have manually added. This really isn't a scalable approach since xyz.com could be vulnerable and you wouldn't know unless you inspected the traffic going back and forth...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Jailbreak SSH Horrors Strike Back

August 09, 2010 Added by:Rob Fuller

This recent jailbreak was using a website, the individuals running that site now have the IP address of freshly jailbroken iPhones and iPads. I am not saying that they have any ill intentions, but sites have been broken into before, and that would be one hell of a gold mine...

Comments  (0)