With less than 1GB after installed in hard drive, it provides common server packages, including apache, php, mysql, samba, sure it [...]]]> I always like to use Slitaz running server, because of the benefit from it’s tiny size and low hardware requirement. More resources can be reserved for server service in compare with other distro.

With less than 1GB after installed in hard drive, it provides common server packages, including apache, php, mysql, samba, sure it contains a X windows. However, I need admit that it still missing some advanced features comparing with great distros like Ubuntu, Debian and Red Hat. One of the feature is IDS.

Although official package already provided snort, it just supports log file output instead of supporting database. To enjoy such advanced feature, we need download the tarball and install by ourselves. This article is to demonstrate the installation step-by-step. Please sit back and enjoy.

Pre-requirement: (Please prepare the following programs source)

• Snort
• jpgraph
• Barnyard2 (Optional), by referring David Gullett’s setup guide, this tiny program can improve the efficiency of Snort
• adodb
• Base

Step-by-step:

1. Install Slitaz, very simple
2. Install official packages by using tazpkg get-install
   - apache2
   - php, php-cli, php-apache, php-mysql, mysql
   - mysql-dev, libpcap, nmap, php-gd, php-pear, slitaz-toolschain
3. Untar jpgraph
   - tar -zxvf jpgraph.tar.gz
   - copy jpgraph/src /var/www/jpgraph
4. Untar barnyard2
   - tar -xzvf barnyard2.tar.gz
   - cd barnyard2
   - ./configure withmysql
   - make
   - make install
   - cp etc/barnyard2.conf /usr/local/snort/etc
   - mkdir /var/log/barnyard2
   - edit /usr/local/snort/etc/barnyard2.conf
   - change the following settings:

   config reference_file: /usr/local/snort/etc/reference.config
   config classification_file: /usr/local/snort/etc/classification.config
   config gen_file: /usr/local/snort/etc/genmsg.map
   config sid_file: /usr/local/snort/etc/sidmsg.map
   config hostname: localhost
   config interface: eth1
   output database: log, mysql, user=SNORT_USER password=SNORT_PASSWORD dbname=snort \
   host=localhost

5. Untar snort tarball
   - tar -zxvf snort.tar.gz
   - ./configurate -with-mysql –prefix=/opt
   - make
   - make install
   - copy etc rules folders into /opt
6. Create user account for running snort
   - addgroup snort
   - adduse snort
7. Create mysql database
   - grant access right to snort account
8. Edit snort config file
   - vi /opt/snort/etc/snort.conf
9. Copy snort rules to /opt
10. Test snort config
11. Install adodb
    - untar downloaded file
    - copy file in web directory
12. Install base
    - untar downloaded file
    - copy file to web directory

ERROR: Failed to find LibVersion() function in … snort_dynamicrules/lib_sfdynamic_example_rule.so

原來解決方法很簡單, 只要將 snort_dynamicrules 目錄內包含 “example” 字眼既檔案移除就可解決.

事件報導後, 令很多人才開始知道 Google 有能力遙控用戶手機及擔心個人資訊問題. 其實, Android Market 使用條款中已列明:

2.4 Google 有時會在「Market」發現違反「Android Market 開發人員發佈協議」或其他法律協議、法律、法規或政策之「產品」。您同意在該等情形下，Google 可以保留權利，酌情將這些應用程式自您的「裝置」中移除。

我相信這是一般用家忽略使用條款既後果, 只要同意了使用條款即同時代表用家明白並遵守該等規則. 如果唔同意那些條款, 唯一可以做的就是停用那些功能. 其實, 當啟用 Android 電話時, 用家必須擁有 Google 賬戶, 其實此時 Google 已經擁有了用家既個人資料. 如果真的擔心個人資訊問題, 可能一開始就不應選擇 Android 電話了.

不過事情又不是想像中需要用家擔心. 因為 Android 是建基於 Linux, 眾所周知, Linux [...]]]> 近日科技網站報導了一則比較關注既新聞, Google遙控刪除用戶已下載既程式. 當中原因是有兩個 Google Market 內的程式被發現有安全問題, Google 發現後已即時從 Market 內移除該程式. 不過, 故事還未完結, Google 同時亦運用遙控權, 先通知受影響用戶後, 再遙控刪除用戶手機內有問題既程式.

事件報導後, 令很多人才開始知道 Google 有能力遙控用戶手機及擔心個人資訊問題. 其實, Android Market 使用條款中已列明:

2.4 Google 有時會在「Market」發現違反「Android Market 開發人員發佈協議」或其他法律協議、法律、法規或政策之「產品」。您同意在該等情形下，Google 可以保留權利，酌情將這些應用程式自您的「裝置」中移除。

我相信這是一般用家忽略使用條款既後果, 只要同意了使用條款即同時代表用家明白並遵守該等規則. 如果唔同意那些條款, 唯一可以做的就是停用那些功能. 其實, 當啟用 Android 電話時, 用家必須擁有 Google 賬戶, 其實此時 Google 已經擁有了用家既個人資料. 如果真的擔心個人資訊問題, 可能一開始就不應選擇 Android 電話了.

不過事情又不是想像中需要用家擔心. 因為 Android 是建基於 Linux, 眾所周知, Linux 有一套權限標準. 除了 Root 是最高系統管理員外, 其他一般賬戶只有特定權限. Google 所使用既遙控戶口相信只有刪除程式既能力. 用家可把手機 Root 了以後修改手機內各賬戶權限, 令 Google 失去遙控能力, 當然這又涉及保養問題.

另外,  從條款中發現使用 Android Market 是有年齡限制的:

1.4 您必須年滿 13 歲，方能使用 Android Market。如果您的年齡介於 13 到 18 歲，則必須擁有家長或法定監護人的許可，方能使用 Market。

透過這些報導, 希望各位提高對使用條款或服務合約既意識. 否則, 發生問題後才追究只會令用家自已承擔後果.

Microsoft 已針對問題發佈了修正程式, 有興趣可到下列網址下載, 不過從報導中發現 Microsoft 所提供的並非最有效既方法.

http://www.microsoft.com/technet/security/bulletin/ms04-015.mspx

最有效既方法係利用管理員權限修改 Windows Registry, 並將 Help and Support 服務停止. 下列引述了簡單步驟:

不過使用任何開發版本都會有應用風險, 各位使用前必須考慮清楚.

如果各位有興趣都可以到 Adobe 既下載區下載 Flash 既開發版本.

[ 本文最後由 Joe Ho 於 2010-6-12 1:21 PM 編輯 ]

在此文發表後, Adobe 在 10-Jun-2010 已發佈新版 Flash, 版本為 10.1.53.64, 有興趣的話可到 Adobe 既下載區下載

儲存後重新啟動 privoxy 便可

As privoxy is cool apps on blocking web [...]]]> 自從使用了 privoxy 攔截廣告後, 大部份常去既網站都已經冇廣告顯示. 不過近日發現某大討論區內仍有廣告出現, 所以貼出此文去更新 privoxy 既規則. 開啟 default.action, 並更改如下設定:

• 在 {-handle-as-image}, 改為
  /.*\.(js|php|css|.?html?|.asp?)
• 在 {+block{Path matches generic block pattern.}}, 加入
  /(.*/)?houseads.js
  /(.*/)?aeiou
• 在 {+block{Might be a web-bug.} +handle-as-empty-document -handle-as-image}, 加入
  .overture.com
• 在 Site-specific block-as-image patterns 的 Banner farms 內， 加入
  .yimg.com/(.*/)?a/

儲存後重新啟動 privoxy 便可

As privoxy is cool apps on blocking web banner or ads, but it also need update regularly because of more and more ads coming out. The following settings are fitting for blocking ads in a popular Hong Kong forum.

In default action:

• Modify to “/.*\.(js|php|css|.?html?|.asp?)” without quotation mark in {-handle-as-image} section
• Add “/(.*/)?houseads.js” and “/(.*/)?aeiou” in {+block{Path matches generic block pattern.}}
• Add “.overture.com” in {+block{Might be a web-bug.} +handle-as-empty-document -handle-as-image}
• Add “.yimg.com/(.*/)?a/” in Banner farms of Site-specific block-as-image patterns

Remember effective the settings after restart privoxy service.

http://www.pcworld.com/article/190622/

首先, 雖然收費既上網服務感覺上令人覺得安全有保障, 但只要其他人處於同一個網絡既人既都有機會接收到你電腦既資料. 而且, 有部份收費既上網服務只有確認使用服務時是使用 https / WEP / WPA / WPA2 加密機制, 當服務一旦確認後上網既傳輸有機會以 http 傳輸 (即資料會在完全沒有保障下傳輸). 所以就算使用此類收費服務都建議盡量使用 https 傳輸.

其次, 使用完任何私人賬戶必須完全登出. 因為有部份程式 (例如 facebook, twitter 等等) 在關閉後仍然會記住登入狀態, 所以當電腦 / 手提電話 / PDA 再次連上網, 程式使會在背後自動登入並更新. 如果該類程式沒有 https 加密保護其他人就有機會獲取到登入資料. Outlook, Outlook Web Access, Gmail 因為本身有 https 機制會較有無障.

最大既問題當然係點樣管制特工們係 Facebook 既 “工作帳號” 同其私人帳號既活動. 其次就係目標身邊既朋友私穩權, 因為 Facebook 本身無一個好既私穩保障. 依類問題似乎連有關當局都未有實質既答案提供, 唯有以後用 Facebook要更加小心.

PCWorld reported that FBI is training its agent to be a friend of their target. It raise many people concern they privacy and the control of such act. As not [...]]]> 跟據一個美國電腦網 PCWorld 報導, 美國 FBI 現正培訓特工怎樣用其他身份登記 Facebook 並成為其 “目標人物“ 既朋友之一. 雖然美國一向反恐, 不過此舉引起連番問題.

最大既問題當然係點樣管制特工們係 Facebook 既 “工作帳號” 同其私人帳號既活動. 其次就係目標身邊既朋友私穩權, 因為 Facebook 本身無一個好既私穩保障. 依類問題似乎連有關當局都未有實質既答案提供, 唯有以後用 Facebook要更加小心.

PCWorld reported that FBI is training its agent to be a friend of their target. It raise many people concern they privacy and the control of such act. As not much feed back from the Authority, the only way to protect yourself is be careful your activities in facebook.
資料來源 / Reference:
http://lm.pcworld.com/t/938024/5558357/63601/0/

Imperva studied the breached passwords and has [...]]]> If you are using “123456″ as your password it is past time to stop. Same if you are using the always popular “Password” to protect your account. Those easy-to-hack passwords were the top and fourth most-popular from among 32 million hacked from RockYou.com, a new study finds.

Imperva studied the breached passwords and has published an interesting study that talks about them. While “Consumer Password Worst Practices” isn’t about us supposedly savvy business users, as an occasional system administrator I’ve run into both 123456 and Password on many occasions.

Here are the top passwords Imperva found among those compromised in the attack (they were posted online, without identifying details, for the world to see–and analyze):

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

If any of those look too familiar, please stop reading this story and change your password now. All these passwords are easy to crack using simple brute-force automated methods. And with the list now published, they are likely to move to the top of everyone’s list of those to try first when attempting to crack an account manually.

“To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts,” Imperva said in its report.

Among its key findings:
About 30 percent of users chose passwords whose length is equal or below six characters.
Moreover, almost 60% of users chose their passwords from a limited set of alpha-numeric characters.
Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).

If it makes you feel any better, a similar study of hacked Hotmail passwords from 20 years ago found much the same thing.

Imperva provides a list of password best practices, created by NASA to help its users protect their rocket science, they include:
It should contain at least eight characters
It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.
It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.

Following that advice, of course, means you’ll create a password that will be impossible, unless you try a trick credited to security guru Bruce Schneir: Turn a sentence into a password.

For example, “Now I lay me down to sleep” might become nilmDOWN2s, a 10-character password that won’t be found in any dictionary.

Can’t remember that password? Schneir says it’s OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don’t also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can’t do that, at least develop a set of passwords that you use at different sites.

Someday, we will use authentication schemes, perhaps biometrics, that don’t require so much jumping through hoops to protect our data. But, in the meantime, passwords are all most of us have, so they ought to be strong enough to do the job.

And don’t even try 654321 or Qwerty–19th and 20th on Imperva’s list– OK?

(Here’s a story we did in early 2009 on how to protect your passwords and another with tips on creating strong passwords).

On Wednesday morning, users began seeing a message offering a new, simplified privacy settings page and the ability [...]]]> As promised, Facebook has begun rolling out new privacy options to its 350 million users.Watch out for the “Everyone” setting.

On Wednesday morning, users began seeing a message offering a new, simplified privacy settings page and the ability to set specific options for every post made to Facebook.

The changes, first announced this summer, againpromised last week, and available today, give users much tighter control of who sees what, down to the individual reader, if desired.

Especially important is the new “everyone” setting that determines whether a Facebook post will be seen on other services, such as in Google search results.

Other settings include “only friends” and “friends of friends.” A “customize” option allows users to show or hide a post from specific individuals or user-created lists.

The options are available by clicking on a new “lock” icon that appears next to the “share” button when a Facebook user updates their status. Any setting may be chosen as a default and the default option may be changed as desired.

Facebook also today updated its privacy policy to reflect the changes.

Here is how the “Everyone” setting is described (this may be important to you):

“Information set to ‘everyone’ is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations.

“The default privacy setting for certain types of information you post on Facebook is set to ‘everyone.’ You can review and change the default settings in your privacy settings. If you delete ‘everyone’ content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook.”

As of 8 a.m. Pacific Time today, not all users have been upgraded to the new privacy options. Others were upgraded months ago when Facebook began testing the new options.

My take: Facebook should add even more granularity to the “everyone” option, giving users the ability to opt-in or out of their posts being shared with specific services. It should also include links making it easier to for users to learn what the settings mean.

The description quoted above is complete and reasonably understandable, but is not easy to find. Not difficult, but it requires some looking.

I strongly encourage all Facebook users to visit all the privacy settings pages, especially those for applications and advertising, and make desired changes.

Facebook seems candid about what it does, provides privacy options for users, but it is still up to the individual to make the changes they desire. Not surprisingly, some Facebook defaults are more “open” than many users might desire.

By David Coursey