Sharjeel Sayed: Internet Security Blog

Reference: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

##Manual Installation

# Download Fail2ban from http://www.fail2ban.org/wiki/index.php/Downloads

cd /tmp
wget http://nchc.dl.sourceforge.net/sourceforge/fail2ban/fail2ban-0.8.3.tar.bz2

tar jxvf fail2ban-0.8.3.tar.bz2
rm -rf /tmp/fail2ban-0.8.3.tar.bz2
cd fail2ban-0.8.3

./setup.py install

cd /tmp/fail2ban-0.8.3/files

cp -a redhat-initd /etc/init.d/fail2ban

cd /etc/init.d/

chown root.root fail2ban

chmod 755 fail2ban

/sbin/chkconfig --add fail2ban

/sbin/chkconfig fail2ban on

cd /etc/fail2ban

cp -a jail.conf jail.conf.orig

vi /etc/fail2ban/jail.conf

Edit values as follows
##########
# Put space separated list of IPs you want to ignore
ignoreip = x.x.x.x

[[ssh-iptables]

#enabled = false
enabled = true
filter = sshd
#action = iptables[name=SSH, port=ssh, protocol=tcp]
# sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=admin@yourdomain.com, sender=fail2ban@mail.com]
#logpath = /var/log/sshd.log
logpath = /var/log/secure
#maxretry = 5
maxretry = 3

############

Edit Shorewall configuration (if you are using one as follow)

vi /etc/shorewall/shorewall.conf
#########
#BLACKLISTNEWONLY=Yes
BLACKLISTNEWONLY=No
##########

cd /etc/fail2ban

chown root.root fail2ban.conf
chmod 644 fail2ban.conf

# Log rotation of Fail2ban Logs

cd /etc/logrotate.d

vi fail2ban

###
/var/log/fail2ban.log {
missingok
notifempty
copytruncate
}
###

chown root.root fail2ban
chmod 644 fail2ban

/etc/rc.d/init.d/fail2ban start

# Check fail2ban.log for any errors

tail -f /var/log/fail2ban.log

rm -rf /tmp/fail2ban-0.8.3

Clam Antivirus & SpamAssassin Setup on Qmail

2009-01-03T10:39:00.002+05:30

Reference:http://qmailrocks.org/clamspam_rh.htm

# Install the following Perl Modules using Cpan

Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Pod::Usage
Parse::Syslog
Statistics::Distributions

yum install perl-suidperl
yum install unzip
yum install gmp-devel
#Installing ClamAv ( http://www.clamav.net/ )

yum install clamav-devel

/usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand

#Installing Clamav Manually

/usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand

cd /tmp
wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.tar.gz
tar zxvf clamav-0.90.tar.gz

cd clamav-0.90

./configure --with-user=qscand --with-group=qscand
make
make install

vi /usr/local/etc/clamd.conf

"Example" - should already be commented out. However, if it is not, make sure that it is commented out (#)
"LogFile" - should be set to /var/log/clamd.log
"User" - should be set to qscand
"PidFile" - should be set to /var/run/clamd.pid
LogTime 1
FixStaleSocket 1
ScanMail 1
LogSyslog 1

cd /var/run/
touch clamd.pid
chown qscand clamd.pid

cp -a /tmp/clamav-0.90/contrib/init/RedHat/clamd /etc/init.d/

chown root.root /etc/rc.d/init.d/clamd

/sbin/chkconfig clamd on

vi /usr/local/etc/freshclam.conf

#Make the necessary changes in the conf file

touch /var/log/freshclam.log

cd /var/log/

chown qscand.root freshclam.log
chown qscand.root clamd.log
cd /usr/local/share/

#chown clamav.qscand clamav (no clamav user)

chown qscand.qscand clamav
/usr/local/bin/freshclam

crontab -e

00 00 * * * /usr/local/bin/freshclam

cd /etc/logrotate.d/

vi clamd

#
# Rotate Clam AV daemon log file
#

/var/log/clamd.log {
missingok
create 640 root qscand
postrotate
/bin/kill -HUP `cat /var/run/clamd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

chown root.root clamd
chmod 644 clamd

/etc/rc.d/init.d/clamd start

#Installing SpamAssassin

#Using cpan install the following Perl Module

install Mail::SpamAssassin

yum install spamassassin

/usr/sbin/groupadd spamd

/usr/sbin/useradd -g spamd -s /home/spamd spamd

vi /etc/sysconfig/spamassassin

If the above file exists, replace its contents with the following line. If the file does not exist, create it and add the following line:

SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

vi /etc/mail/spamassassin/local.cf

Add the following line...

required_hits 5

/etc/rc.d/init.d/spamassassin start
/sbin/chkconfig spamassassin on

# If you encounter the following errors in /var/log/maillog

###########
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341, line 193._)
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping:__(Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341, line 193._)
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping:__(Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341, line 193._)
##########

# then do the following

cp -a /etc/mail/spamassassin/init.pre /etc/mail/spamassassin/init.pre.orig

vi /etc/mail/spamassassin/init.pre
# Comment out this line
#loadplugin Mail::SpamAssassin::Plugin::SPF

# Update spammassain every night by setting up a cronjob

/usr/lib/cpan
install LWP::UserAgent

yum install gnupg

# Please check the update by running /usr/bin/sa-update manually to ensure no errors are encountered
crontab -e

00 1 * * * /usr/bin/sa-update && /sbin/service spamassassin restart
ps aux | grep spamd

#You should the following info concerning spamassassin. The PID might differ on your system, but you get the idea.

#spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d

setup

#One in the setup menu, scroll down and select the "system services" option. From the system services menu, scroll down to "clamd".

#Installing Qmail Scanner (http://qmail-scanner.sourceforge.net/) and Qmail analog ( http://www.qms-analog.teel.ws/ )

cd /tmp

wget http://kent.dl.sourceforge.net/sourceforge/qms-analog/qms-analog-0.4.4.tar.gz

tar zxvf qms-analog-0.4.4.tar.gz

cd qms-analog-0.4.4

make all

cd /tmp

wget http://kent.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.01.tgz

tar zxvf qmail-scanner-2.01.tgz

# Download the Qmail-Scanner-2.01st (st patch) patch from http://toribio.apollinare.org/qmail-scanner/

cd /tmp

wget http://toribio.apollinare.org/qmail-scanner/download/q-s-2.01st-20070204.patch.gz

gunzip q-s-2.01st-20070204.patch.gz

cp -a q-s-2.01st-20070204.patch /tmp/qmail-scanner-2.01

cd /tmp/qmail-scanner-2.01

patch -p1 < install=" else" install="--install" qmailqueue="/var/qmail/bin/qmail-scanner-queue.pl" page_id="98" shell="/bin/sh" vpop="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox" vhome="`/usr/local/vpopmail/bin/vuserinfo" host ="="="" exit ="="="" returncode ="="" returncode ="="" returncode ="="" maildirquota="`/usr/bin/head" returncode ="="" returncode ="="" end ="="="" returncode ="="" returncode ="="" end ="="="" vpop="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox" vhome="`/usr/local/vpopmail/bin/vuserinfo" vpop="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" vhome="`/home/vpopmail/bin/vuserinfo" list="$2/Maildir/courierimapsubscribed" test="`cat">> $LIST
fi
else
# the file does not exist so we define the full list
# and then create the file.
FULL="INBOX\nINBOX.Sent\nINBOX.Trash\nINBOX.Drafts\nINBOX.$1"

echo -e $FULL > $LIST
/bin/chown vpopmail:vchkpw $LIST
/bin/chmod 644 $LIST
fi
#######

chmod 755 /usr/local/sbin/subscribeIMAP.sh

qmailctl stop
qmailctl start
qmailctl stat

In case of issues check these log files

tail -f /var/log/qmail/qmail-smtpd/current
tail -f /var/log/qmail/qmail-send/current

# Setup Log rotation for maildrop.log file as follows

cd /etc/logrotate.d/

vi maildrop
###
/var/log/qmail/maildrop.log {
missingok
notifempty
copytruncate
}
###

chown root.root maildrop
chmod 644 maildrop

# DCC Razor Pyzor and RBL setup

# Install DCC
mkdir /downloads/spam
cd /downloads/spam
# Download DCC from http://www.rhyolite.com/anti-spam/dcc/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar zxfv dcc.tar.Z
cd dcc-1.3.45/
./configure
make install
cd /downloads/spam

# Install Pyzor
Download Pyzor from http://pyzor.sourceforge.net
cd /downloads/spam
wget http://nchc.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2
tar xjvf pyzor-0.4.0.tar.bz2
cd pyzor-0.4.0
python setup.py build
python setup.py install
pyzor discover
cd /downloads/spam

# Setup cronjob to update pyzor servers automatically

00 1 * * * /usr/bin/pyzor discover

# Install Razor

# Install the following perl modules

perl -MCPAN -e "install Time::HiRes"
perl -MCPAN -e "install Digest::SHA1"
perl -MCPAN -e "install MIME::Base64"
perl -MCPAN -e "install Test::Simple"
perl -MCPAN -e "install Test::Harness"
perl -MCPAN -e "install Getopt::Long"
perl -MCPAN -e "install File::Copy"
perl -MCPAN -e "install URI::Escape"

# Download Razor from http://razor.sourceforge.net/
cd /downloads/spam
wget http://jaist.dl.sourceforge.net/sourceforge/razor/razor-agents-2.82.tar.bz2
tar xjvf razor-agents-2.82.tar.bz2
cd razor-agents-2.82
perl Makefile.PL
make test
make install

razor-admin -create

cd /root/.razor
chown spamd.spamd razor-agent.conf
chmod 764 razor-agent.conf
razor-admin -register -user=postmaster@yourdomain.com
cp -a /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.orig

#Generate a local.cf file from http://www.yrex.com/spam/spamconfig.php.Use the http://opensourceheaven.net/local.cf.txt file as reference.
vi /etc/mail/spamassassin/local.cf
# Paste the contents of the generated local.cf file here

dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc
dcc_dccifd_path /var/dcc/libexec/dccifd

pyzor_path /usr/bin/pyzor
score PYZOR_CHECK 1

########

sa-learn --sync

/etc/rc.d/init.d/spamassassin restart

# Run the following command to check if spamassassin configuration is correct

spamassassin -D --lint

# Enabling Surbl in spamassassin

perl -MCPAN -e "install Net::DNS::Resolver"

updatedb && locate v310.pre

#If this file is already in /etc/mail/spamassassin, then you are ready for the next bit. If the file is somewhere else on your system, copy it to /etc/mail/spamassassin/.

vi /etc/mail/spamassassin/v310.pre

Add these lines at the end:

# SURBL DNS Blacklisting
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

qmailctl stop
qmailctl start
/etc/init.d/spamd restart

#To test if the changes are working, send yourself a message (from a different email address) with http://surbl-org-permanent-test-point.com in the message body. If all is well message should be tagged as spam.

#Enable RBL checking

vi /var/qmail/supervise/qmail-smtpd/run
# Edit the lines as shown below
/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g ................ \
rblsmtpd \
-r zen.spamhaus.org \
-r bl.spamcop.net \
-r relays.ordb.org \
/var/qmail/bin/qmail-smtpd server.yourdomain.com \
qmailctl stop
qmailctl start
qmailctl stat

# Installing fuzzyocr to block image spam

References:
http://www.goodcleanemail.com/kb.php?ToDo=view&questId=90&catId=2
http://fuzzyocr.own-hero.net/wiki/Downloads

# Installing dependecnies
yum install ImageMagick
yum install netpbm
yum install netpbm-progs
yum install netpbm-devel
yum install libungif
# On Fedora Core 6 libungif is known as giflib
yum install libungif-progs
# On Fedora Core install giflib-utils instead of libungif-progs

cpan
install String::Approx

# Installing GOCR

# Download gocr from http://jocr.sourceforge.net

cd /tmp
wget http://prdownloads.sourceforge.net/jocr/gocr-0.43.tar.gz
tar zxvf gocr-0.43.tar.gz
cd gocr-0.43
./configure --with-netpbm=/usr/lib/
make
make install

# Installing Fuzzyocr

Dwonload Fuzzyocr from http://fuzzyocr.own-hero.net/wiki/Downloads

cd /tmp

wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-2.3b.tar.gz

tar zxvf fuzzyocr-2.3b.tar.gz
cd /tmp/FuzzyOcr-2.3b

vi FuzzyOcr.cf

# Make necessary changes on the lines as shown below

#########
focr_logfile /var/log/FuzzyOcr.log

# Set this to 1 if you are running a version < 3.1.4.
# This will disable a function used in conjunction with animated gifs that isn't available in earlier versions (Default value: 0.0)
#focr_pre314 0.0
focr_pre314 1
focr_enable_image_hashing 1
focr_digest_db /etc/mail/spamassassin/FuzzyOcr.hashdb
focr_base_score 2
###########

vi FuzzyOcr.pm

# Change the log file location as shown below

# Add this line below any existing use statements at start of the file

use Mail::SpamAssassin::Timeout;

######

our $logfile = "/var/log/FuzzyOcr.log";

######

cd /var/log

touch FuzzyOcr.log

chown spamd.spamd FuzzyOcr.log

chmod 755 FuzzyOcr.log

cp -a FuzzyOcr.cf /etc/mail/spamassassin/
cp -a FuzzyOcr.words.sample /etc/mail/spamassassin/
cp -a FuzzyOcr.pm /etc/mail/spamassassin/
cd /etc/mail/spamassassin/
mv FuzzyOcr.words.sample FuzzyOcr.words
chown root.root FuzzyOcr.*

touch focr_digest_db
chmod o+w focr_digest_db

vi v310.pre

# Add these lines
####
# FuzzyOcr Image Spam Filter
loadplugin FuzzyOcr FuzzyOcr.pm
#####

cd /var/log/qmail

chown spamd.spamd FuzzyOcr.log
chmod 600 FuzzyOcr.log

# Run the following command to check if spamassassin configuration is correct

spamassassin -D --lint

/etc/rc.d/init.d/spamassassin restart

# Testing

/tmp/FuzzyOcr-2.3b/samples
spamassassin -t < animated-gif.eml
spamassassin -t < corrupted-gif.eml
spamassassin -t < jpeg.eml
spamassassin -t <>

Dealing with large files and directories in Linux/Unix

2008-04-14T16:25:00.001+05:30

# Finding large files and directories in Linux /Unix

# Finding files above 100 Mb
find / -type f -size +100000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

# Finding directories above 100Mb
find / -type d -size +100000k

# Sort directories as per size with du

du --max-depth=1 -m | sort -n -r

# Finding Directory sizes

du -sh folder_name
du -ch folder_name
du -csh folder_name

# Truncating in use files

cat /dev/null > file_name

# Deleting contents of large directories

If you want to delete all file starting with the name test in the current directory, then run this command

find . -name 'test*' | xargs rm

400,000-strong 'Kraken' botnet has infiltrated 50 Fortune 500 companies -- and now usurps Storm as world's biggest botnet

2008-04-08T09:05:00.000+05:30

The so-called Kraken botnet has been spotted in at least 50 Fortune 500 companies and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques, including regularly updating its binary code and structuring the code in such a way that hinders any static analysis, says Paul Royal, principal researcher at Damballa.

"It's easy to trace but slow to get antivirus coverage. It seems to imply [the creators] have a good understanding of how AV tools operate and how to evade them," Royal says.

Shorewall setup to ease your Iptables setup

2008-04-03T09:47:00.005+05:30

Reference:
http://www.shorewall.net/shorewall_setup_guide.htm

# Backup your existing Iptables configuration so that you can revert back in case something goes wrong

cp -a /etc/sysconfig/iptables /etc/sysconfig/iptables_backup_

# Deploying a safety net to ensure that you dont get locked out
Reference : http://www.iptablesrocks.org/guide/safetynet.php
vi /root/firewall_reset

############
# Iptables firewall reset script
*filter
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
COMMIT

*mangle
:PREROUTING ACCEPT [164:15203]
:INPUT ACCEPT [164:15203]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [147:63028]
:POSTROUTING ACCEPT [147:63028]
COMMIT

*nat
:PREROUTING ACCEPT [14:672]
:POSTROUTING ACCEPT [9:684]
:OUTPUT ACCEPT [9:684]
COMMIT

###########

# Test if the above script works and throws no error

/sbin/iptables-restore < /root/firewall_reset

/sbin/iptables -L

# The output should be similar to the following
###
Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
###

# restore your orginal firewall configuration and proceed

/sbin/iptables-restore < /etc/sysconfig/iptables_backup_

# Confirm that your original rules have been restored by running the following command

/sbin/iptables -L

# Create a crontab entry that resets the firewall every 15 minutes

crontab -e

0,15,30,45 * * * * /sbin/iptables-restore < /root/firewall_reset

# Please ensure that you comment out this line after you have succesfully tested you shorewall working.

# Reference:http://www.shorewall.net/shorewall_quickstart_guide.htm

# Before installing ,check if iproute and shorewall already exist

rpm -qa | grep -i "iproute"
rpm -qa | grep -i "shorewall"

# If iproute doesn't exist then proceed as follows

yum install iproute

# Shorewall Installation

# Using Yum
yum install shorewall

# Using RPM
# In most cases shorewall would not exist in yum repositories so proceed as follows for the rpm installation

References :
http://www.shorewall.net/Install.htm
http://www.shorewall.net/download.htm

Download the shorewall and shorewall-perl rpm package

cd /tmp

wget http://www.invoca.ch/pub/packages/shorewall/4.2/shorewall-4.2.5/shorewall-4.2.5-3.noarch.rpm

wget http://www.invoca.ch/pub/packages/shorewall/4.2/shorewall-4.2.5/shorewall-perl-4.2.5-3.noarch.rpm

rpm -ivh shorewall-perl-4.2.5-3.noarch.rpm shorewall-4.2.5-3.noarch.rpm

#Setting up Shorewall on a standalone Linux system with a single static IP address
Reference :http://www.shorewall.net/standalone.htm

# Add your IP address (IP address of the system/gateway you are connecting from and not the server IP address where you are installing shorewall) to the /etc/shorewall/routestopped file to ensure that you stay connected when the firewall restarts.You can find your IP address by visiting http://whatismyip.com
cp -a /etc/shorewall/routestopped /etc/shorewall/routestopped.orig

vi /etc/shorewall/routestopped
# eg. if your IP address ( the system/gateway you are connecting from) is 59.144.118.69
#INTERFACE HOST(S)
eth0 59.144.0.0/24

# You can also add a CIDR number to indicate a range of IPs from which connection will not break
# For eg. if you want to keep alive connections from 192.168.0.1 to 192.168.0.254 during the firewall restart add the following line

#INTERFACE HOST(S)
eth0 192.168.0.0/24

# Find the sample configuration files by running

rpm -ql shorewall | fgrep one-interface

cp -a /usr/share/doc/shorewall-4.2.5/Samples/one-interface /tmp/

cd /tmp/one-interface
# Confirm your ethernet interface ( to check if you have a single lan card)

/sbin/ifconfig -a

vi interfaces

########
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 210.210.18.90 norfc1918,routefilter,tcpflags,logmartians,nosmurfs
########

# The BROADCAST address can be ignored above and instead you can put a -

#RFC-1918 reserves several Private IP address ranges for use in private networks:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

#If your IP address falls in any of the above range, then please remove "norfc1918" in the options section of the interfaces file
# If you have a non-static DHCP IP address,add "detect" in the "broadcast" section and add “dhcp” to the option list.

# Configuration of rules

# You can find custom rules files by running

ls /usr/share/shorewall/macro.*

# You can then use these macros in your shorewall rules file

# For eg. if you want to allow access to your web server running TCP Port 80 and SSHD running on TCP port 22 do the following

# Tip: You can identify the network services running on your server bu issuing the following command.

/bin/netstat -luntp

# Based on the output you get , you can decide which services to allow remote access or not

cd /tmp/one-interface

vi rules

#######
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
Web/ACCEPT net $FW
SSH/ACCEPT net $FW
######

# You can also add the above rules in this way.

vi rules

#########
#ACTION SOURCE DESTINATION PROTO DEST PORT(S)
ACCEPT net $FW tcp 80
ACCEPT net $FW tcp 22
#########
# You can also add the following rule if you see port TCP 113 as closed in your nmap scan.
DROP net $FW tcp 113

If you want to allow conections to let's say the ssh port only from specific IP Addresses on the internet add the following

ACCEPT net:192.0.2.16/28,192.0.2.44 fw tcp 22

# Please ensure that you check the individual macros you applies from /usr/share/shorewall/macro.* to ensure that they work as desired

# You must enable startup by editing /etc/shorewall/shorewall.conf and setting STARTUP_ENABLED=Yes

cp -a /tmp/one-interface/shorewall.conf /tmp/one-interface/shorewall.conf.orig
vi /tmp/one-interface/shorewall.conf
# Modify the lines as shown

#STARTUP_ENABLED=No
STARTUP_ENABLED=Yes
#IPTABLES=
IPTABLES=/sbin/iptables
#IP_FORWARDING=On
IP_FORWARDING=Off
#DISABLE_IPV6=Yes

# Copy your configuration files to appropriate locations

cd /etc/shorewall/
cp -a policy policy.orig
cp -a rules rules.orig
cp -a interfaces interfaces.orig
cp -a zones zones.orig

cp -a /tmp/one-interface/* /etc/shorewall/

rm -rf /tmp/one-interface/

/etc/rc.d/init.d/shorewall restart

# You can use the following command to clear all shorewall rules
/sbin/shorewall clear

# Configure shorewall to auto start at boot time

/sbin/chkconfig shorewall on

# Use nmap from a different system to ensure that your firewall rules are in place

# Multiple IP address to single interface

# Reference:http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html#id2491727

# Ensure that all IP addresses ( non virtual ie. additional IP addresses on separate lan cards ) are configured in the /etc/shorewall/interfaces
# eg.

vi /etc/shorewall/interfaces

#ZONE INTERFACE BROADCAST OPTIONS
net eth1 210.210.23.26 norfc1918,routefilter,tcpflags,logmartians,nosmurfs

# The BROADCAST address can be ignored above and instead you can put a -

#RFC-1918 reserves several Private IP address ranges for use in private networks:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

#If your IP address falls in any of the above range, then please remove "norfc1918" in the options section of the interfaces file
# If you have a non-static DHCP IP address,add "detect" in the "broadcast" section and add “dhcp” to the option list.

# If you are using virtual IP addresses (eg. eth0:0,eth0:1 etc,) configured for a single ethernet card, then you can ignore the above setting in /etc/shorewall/interfaces

# If you have muliple IP addresses and want a sshd to be available on a single IP address (eg. 210.210.23.26 )instead of all IP adresses on the server ,then do this

vi /etc/shorewall/rules

#ACCEPT net $FW tcp 22
ACCEPT net $FW:210.210.23.26 tcp 22

/sbin/shorewall clear
/etc/rc.d/init.d/shorewall restart

# Remove the firewall_reset cron job and the entries in /etc/shorewall/routestopped after shorewall is run and firewall behaves as expected.

How to Secure a Linux Box

2008-04-03T09:42:00.003+05:30

#Reference:http://www.cisecurity.org/bench_linux.html

#Note:This tutorial is based on Fedora Core 4.Should be valid for a newer version of Fedora too.The reader is advised to read the CIS Benchmark pdf after completing all activities mentioned in this document.

# Setup an informative command prompt
export PS1="-\$?-(\u@\h) \w > "

# Hostname Setup
Reference:http://www.cpqlinux.com/hostname.html

# Please ensure that the correct hostname is setup in the following files.The hostname should ideally match the PTR record of the system IP
/etc/hosts
/etc/sysconfig/network
# Use echo to set the hostname in the file below eg.
echo yourhostname > /proc/sys/kernel/hostname
/proc/sys/kernel/hostname
# Virtual IP Setup
cd /etc/sysconfig/network-scripts

#Check for existing network adapters with the command:

ls ifcfg-*

#In most instances, you will see the files ifcfg-eth0 and ifcfg-lo. If you see other files with any other names and are unfamiliar with configuring TCP/IP, you may want to consult with your system administrator before proceeding.

cp -a ifcfg-eth0 ifcfg-eth0:0
cp -a ifcfg-eth0 ifcfg-eth0:1
# Ensure the following lines are configured as

vi icfg-eth0:0
DEVICE=eth0:0
IPADDR=
VLAN=yes

vi icfg-eth0:1
DEVICE=eth0:1
IPADDR=
VLAN=yes

#Disable IPV6

cp -a /etc/modprobe.conf /etc/modprobe_backup.conf
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf

/etc/init.d/ip6tables stop
/sbin/chkconfig --level 35 ip6tables off

# Restart the network to effect changes

/sbin/service network restart

# Edit /etc/hosts and add a line for your new addresses and name such as:
127.0.0.1 localhost.localdomain localhost
x.x.x.x newhost1.yourdomain.com
x.x.x.x newhost2.yourdomain.com

# Disabling selinux

vi /etc/sysconfig/selinux
#check for the line SELINUX
SELINUX=disabled

# Date and Time Configuration

Ref:http://www.linuxsa.org.au/tips/time.html

ln -sf /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

date monthdayhourminyear

yum install ntp

#Configure a cron job to update time every night at 12 AM
00 00 * * * /usr/sbin/ntpdate 0.pool.ntp.org 1.pool.ntp.org

# Configure Automatic Updates using yum.Fedora Core 6 or above will have yum-updatesd instead of yum

/sbin/chkconfig yum on
/sbin/service yum start

# If you wish to disable autoupdation of some package, eg.firefox and cacti ,do the following
cp -a /etc/yum.conf /etc/yum.conf.orig
vi /etc/yum.conf
# Add the following line
exclude=firefox cacti

# For Fedora Core 6 or above do this
# Reference: http://www.die.net/doc/linux/man/man5/yum-updatesd.conf.5.html
cp -a /etc/updatedb.conf /etc/updatedb.conf.orig
vi /etc/yum/yum-updatesd.conf

#########
# Configure the entries as shown below
# automatically install updates
do_update = yes
# automatically download updates
do_download = yes
# automatically download deps of updates
do_download_deps = yes
#########

/sbin/chkconfig yum-updatesd on
/sbin/service yum-updatesd start

crontab -e

00 0 * * * yum -y update

# Configuring updatedb
cp -a /etc/updatedb.conf /etc/updatedb.conf.orig

vi /etc/updatedb.conf
#Configure the following values to yes
#DAILY_UPDATE=no
DAILY_UPDATE=yes

# Configuring Log Compression
cp -a /etc/logrotate.conf /etc/logrotate.conf.orig
vi /etc/logrotate.conf

# uncomment this if you want your log files compressed
compress

# Unalias cp and mv

unalias mv cp

# Firewall ,Reactive IDS and SSH bruteforce prevention setup

Please install and configure shorewall ,psad and fail2ban by referring their separate howtos

# Apache Installation

# Check if Apache is already installed

rpm -qa httpd
service httpd status

# If httpd is not installed proceed with the apache installation as follows

yum install httpd
yum install httpd-devel

# Apache Hardening

Edit httpd.conf file as follows.

cd /etc/httpd/conf/

cp -a httpd.conf httpd.conf.orig

vi /etc/httpd/conf/httpd.conf

# Edit the following entry as follows

#ServerTokens OS
ServerTokens Prod

#ServerSignature On
ServerSignature Off

#Ref:http://www.slac.stanford.edu/comp/unix/apache-security.html
#http://publib.boulder.ibm.com/httpserv/ihsdiag/http_trace.html

# Disabling Indexing
# Ref: http://www.ducea.com/2006/06/26/apache-tips-tricks-disable-directory-indexes/
# In Main Server Configurations

Options -Indexes

# To disable Trace and Track Methods:

For apache version 1.3.34 (or later 1.3.x versions), or apache 2.0.55 (or later), in section 1, add the line
TraceEnable off

For older versions of apache, see below.

#Add Before Secton 3 and in each virtual host configuration section/file
# Block access: SLAC addition
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# End block access rule

# Disabling welcome page
cp -a /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.orig
vi /etc/httpd/conf.d/welcome.conf
# Comment all the lines in the file

# Disabling configuration by .htaccess

AllowOverride None

# Restart Apache
/etc/rc.d/init.d/httpd start

# MySQL Installation
# Check if MySQL is already installed

rpm -qa mysql
service mysqld status

# If Mysqld Daemon is not installed proceed with the MySQL installation as follows

yum install mysql-server
yum install mysql
yum install mysql-devel

#Start MySQL for the first time

mysql_install_db
/etc/rc.d/init.d/mysqld start
#Note:In case you have issues starting Mysql server for the first time and you see error messggaes saying that tmp files could not be created,please run bastille configuration again and answer N to "Q: Would you like to install TMPDIR/TMP scripts?" question reboot the system.Post reboot you can start Mysqld

/sbin/chkconfig mysqld on

#Mysql Hardening:

mysql
# Removing anonymous login:

DELETE FROM mysql.user WHERE User = '';
FLUSH PRIVILEGES;
quit
#Setting Mysql Root password:

/usr/bin/mysqladmin -u root password 'yourpassword'
/usr/bin/mysqladmin -u root -h password 'yourpassword'

# Delete test database

mysql
drop database test;

# Configure Mysql to not listen for external connections

cp -a /etc/my.cnf /etc/my.cnf.orig

vi /etc/my.cnf

[mysqld]
skip-networking

#Perl Installation

#check if perl is installed or not

rpm -qa perl

# If Perl is not installed proceed with the Perl installation as follows

yum install perl

# Cpan configuration

# Before running cpan ensure that gcc is installed else some modules will throw errors during compilation

rpm -qa gcc

# Install gcc if not found

yum install gcc

# Run and configure cpan

cpan

# A first time set of configuration questions will be asked

# Update cpan by running

cpan
install Bundle::CPAN
reload cpan

# Bastille Hardening

#Bastille Installation

cd /tmp

wget http://nchc.dl.sourceforge.net/sourceforge/bastille-linux/Bastille-3.2.1-0.1.noarch.rpm

# Ref: http://www.bastille-linux.org/running_bastille_on.htm#top

rpm -ivh Bastille-3.2.1-0.1.noarch.rpm

# Install Curses from cpan
# Please check wheather ncurses-devel is installed

rpm -qa ncurses-devel

# If ncurses is not installed install it as follows

yum install ncurses-devel

# Install Curses module as follows

cpan

install Curses

# Run bastille text mode hardening as follows

/usr/sbin/bastille -c

# Respond to all questions

# Check your score

/usr/sbin/bastille --report

# ICMP Hardening

# Check and Download sysctl RPM
yum install sysctl

# Enter the following in /etc/sysctl.conf file
net.ipv4.icmp_echo_ignore_all = 1

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.icmp_ignore_bogus_error_responses = 1

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.tcp_max_syn_backlog = 4096

net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.tcp_max_orphans = 256
net.ipv4.conf.all.log_martians = 1

# Diable Forwarding and Gateway functionality
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

#Check for the syntax in the file /etc/sysctl.conf
/sbin/sysctl -p

OR
/sbin/iptables -A INPUT -j REJECT -p icmp --icmp-type 13
/sbin/iptables -A OUTPUT -j REJECT -p icmp --icmp-type 14

# Detailed audit trail setup

Ref: http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html

yum install psacct
chkconfig psacct on
/etc/init.d/psacct start

# Rootkit Hunter

Reference:http://www.rootkit.nl/

Installation:

# Download rkhunter from http://www.rootkit.nl/projects/rootkit_hunter.html
cd /tmp
wget http://nchc.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz
tar zxvf rkhunter-1.3.2.tar.gz
cd rkhunter-1.3.2
sh installer.sh --layout default --install

# Running Rkhunter
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter -c --createlogfile --quiet
The report will be generated at /var/log/rkhunter.log

#Configure rkhunter for automatic update
crontab -e
00 0 * * * /usr/local/bin/rkhunter --update -q

# SSHD Hardening
cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

vi /etc/ssh/sshd_config

#change port no from 22 to 222
Port 222

PermitRootLogin no

Banner /etc/issue

#This banner is generated when you ran Bastille previously.

#Prevent X11 forwarding
X11Forwarding no

#Don't read the user's ~/.rhosts and ~/.shosts files uncomment IgnoreRhosts yes
IgnoreRhosts yes

# The following switch is not found in Fedora 4.Please check the switch to ensure that it exists #before making this entry

RhostsAuthentication no

RhostsRSAAuthentication no

HostbasedAuthentication no

PermitEmptyPasswords no

#Note:Before restarting ssh please create a non-root account.

Restart sshd
/etc/rc.d/init.d/sshd restart
# Nessus Setup

# Read the Nessus How to file for installing and running Nessus

# CIS benchmark security exercise

# Download the CIS benchmark locally from http://www.cisecurity.org/bench_linux.html and copy the do-backup.sh file in /root and run the same to backup all important directories and files

cd /root
chmod 755 do-backup.sh
./do-backup.sh

# Uninstalling xinetd
rpm -qa xinetd
rpm -e xinetd-versionnumber

# Incase you still want to use some services in xinetd ,please run the following comands to stop these unnnecessary services.

cd /etc/xinetd.d
for FILE in chargen chargen-udp cups-lpd cups daytime \ daytime-udp echo echo-udp eklogin ekrb5-telnet finger \ gssftp imap imaps ipop2 ipop3 krb5-telnet klogin kshell \ ktalk ntalk pop3s rexec rlogin rsh rsync servers services \ sgi_fam talk telnet tftp time time-udp vsftpd wu-ftpd do

chkconfig ${FILE} off done

# Disable GUI
sed -e 's/id:5:initdefault:/id:3:initdefault:/' \
< /etc/inittab-preCIS > /etc/inittab
chown root:root /etc/inittab
chmod 0600 /etc/inittab
diff /etc/inittab-preCIS /etc/inittab

# Disable Unneccessary services
# Please review all services listed in the following script before running.

vi disable_unwanted_services

########
for FILE in apmd avahi-daemon canna cups-config-daemon FreeWnn gpm hidd hpoj hplip innd irda isdn kdcrotate lvs mars-nwe messagebus oki4daemon privoxy rstatd rusersd rwalld rwhod wine; do
/sbin/service $FILE stop
/sbin/chkconfig $FILE off
done

for FILE in nfs nfslock autofs ypbind ypserv yppasswdd portmap smb netfs lpd tux snmpd named postgresql webmin kudzu squid cups ip6tables pcmcia bluetooth mDNSResponder; do
/sbin/service $FILE stop
/sbin/chkconfig $FILE off
done
########

chmod 755 disable_unwanted_services
./disable_unwanted_services

# Assign Proper permissions to log files

chmod o-rwx boot.log* cron* dmesg ksyms* httpd/* maillog* messages* news/* pgsql rpmpkgs* samba/* sa/* scrollkeeper.log secure* spooler* squid/* vbox/* wtmp

chmod o-rx boot.log* cron* maillog* messages* pgsql secure* spooler* squid/* sa/*

chmod g-w boot.log* cron* dmesg httpd/* ksyms* maillog* messages* pgsql rpmpkgs* samba/* sa/* scrollkeeper.log secure* spooler*

chmod g-rx boot.log* cron* maillog* messages* pgsql secure* spooler*

chmod o-w gdm/ httpd/ news/ samba/ squid/ sa/ vbox/

chmod o-rx httpd/ samba/ squid/ sa/

chmod g-w gdm/ httpd/ news/ samba/ squid/ sa/ vbox/

chmod g-rx httpd/ samba/ sa/

chmod u-x kernel syslog loginlog

# Verify passwd, shadow, and group File Permissions

cd /etc
chown root:root passwd shadow group
chmod 644 passwd group
chmod 400 shadow

# Allowing only root access to Cron and At

cd /etc/
rm -f cron.deny at.deny
echo root > cron.allow
echo root > at.allow
chown root:root cron.allow at.allow
chmod 400 cron.allow at.allow

# Restrict Permissions On crontab Files

chown root:root /etc/crontab
chmod 400 /etc/crontab
chown -R root:root /var/spool/cron
chmod -R go-rwx /var/spool/cron
cd /etc
ls | grep cron | grep -v preCIS | xargs chown -R root:root
ls | grep cron | grep -v preCIS | xargs chmod -R go-rwx

# Block all system accounts from loging on to the server

cd /root
vi lock_system_accounts

####
cd /etc
for NAME in `cut -d: -f1 /etc/passwd`; do
MyUID=`id -u $NAME`
if [ $MyUID -lt 500 -a $NAME != 'root' ]; then
/usr/sbin/usermod -L -s /dev/null $NAME
fi
done
###

chmod 755 lock_system_accounts

./lock_system_accounts

rm -rf lock_system_accounts

# Check for empty password accounts
awk -F: '($2 == "") { print $1 }' /etc/shadow

# Set Account Expiration Parameters On Active Accounts

cd /etc
awk '($1 ~ /^PASS_MAX_DAYS/) { $2="90" }
($1 ~ /^PASS_MIN_DAYS/) { $2="7" }
($1 ~ /^PASS_WARN_AGE/) { $2="28" }
($1 ~ /^PASS_MIN_LEN/) { $2="6" }
{ print } ' login.defs-preCIS > login.defs
diff login.defs-preCIS login.defs
chown root:root login.defs
chmod 640 login.defs
diff login.defs-preCIS login.defs

useradd -D -f 7
diff /etc/default/useradd-preCIS /etc/default/useradd
for NAME in `cut -d: -f1 /etc/passwd`; do
uid=`id -u $NAME`
if [ $uid -ge 500 -a $uid != 65534 ]; then
chage -m 7 -M 90 -W 28 -I 7 $NAME
fi
done
diff shadow-preCIS shadow

# Verify No Legacy '+' Entries Exist In passwd, shadow, And group Files

grep ^+: /etc/passwd /etc/shadow /etc/group

# No '.' or Group/World-Writable Directory In Root's $PATH

#To find ‘.’ in $PATH:
echo $PATH | egrep '(^|:)(\.|:|$)'
#To find group- or world-writable directories in $PATH:
find `echo $PATH | tr ':' ' '` -type d $ -perm -002 -o -perm -020 $ -ls

#These commands should produce no output.

#User Home Directories Should Be Mode 750 or More Restrictive

vi user_directories_permission

###############
for DIR in `awk -F: '($3 >= 500) { print $6 }' /etc/passwd`; do
chmod g-w $DIR
chmod o-rwx $DIR
done
##############

chmod 755 user_directories_permission
./user_directories_permission

#No User Dot-Files Should Be World-Writable

vi user_dot_files_non_worldwritable

#############

for DIR in `awk -F: '($3 >= 500) { print $6 }' /etc/passwd`; do
for FILE in $DIR/.[A-Za-z0-9]*; do
if [ ! -h "$FILE" -a -f "$FILE" ]; then
chmod go-w "$FILE"
fi
done
done
#########

chmod 755 user_dot_files_non_worldwritable
./user_dot_files_non_worlwritable

#Remove User .netrc Files

find / -name .netrc

# If any .netrc file is found then run the following script to remove

vi remove_netrc

###############
for DIR in `cut -f6 -d: /etc/passwd`; do
if [ -e $DIR/.netrc ]; then
echo "Removing $DIR/.netrc"
rm -f $DIR/.netrc fi
done
###############

chmod 755 remove_netrc
./remove_netrc

#Set Default umask For Users

vi set_default_umask

#########
cd /etc
for FILE in profile csh.login csh.cshrc bashrc; do
if ! egrep -q 'umask.*77' $FILE ; then
echo "umask 077" >> $FILE
fi
chown root:root $FILE
chmod 444 $FILE
diff ${FILE}-preCIS $FILE
done

cd /root
for FILE in .bash_profile .bashrc .cshrc .tcshrc; do
if ! egrep -q 'umask.*77' $FILE ; then
echo "umask 077" >> $FILE # See description
fi
chown root:root $FILE
diff ${FILE}-preCIS $FILE
done
###########

chmod 755 set_default_umask
./set_default_umask

# Disable Core Dumps

cp -a /etc/security/limits.conf /etc/security/limits.conf.orig

vi /etc/security/limits.conf

#Add the following two lines.In future you can enable core dumps for invidual users if required.

* soft core 0
* hard core 0

####

# Limit Access To The Root Account From su
# Warning:Please add your account to the wheel group before proceeding with this activity else you # will not be able to su.
# eg. /usr/sbin/usermod -G wheel

# In case you want to create a new account and add it to the wheel group, then run this command
/usr/sbin/useradd -G wheel

# Limit Access To The Root Account From su

cd /etc/pam.d/
cp -a su su_backup_18_dec_2006

vi su

##Uncommenting this line allows only the users in the wheel group to become root by using the su command and entering the root password.All other users get the message Incorrect Password

auth required /lib/security/$ISA/pam_wheel.so use_uid

# Banners

# Note:/etc/issue banner should have already been created by BastilleIf you havent run Bastille please create an appropriate banner file /etc/issue as follows

***************************************************************************
NOTICE TO USERS

This computer system is the private property of , whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to use
this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.

****************************************************************************
cp -a issue.net issue_backup_todays_date.net

cp -a issue issue.net

# Contents of /etc/motd are displayed after a user logins in so its not neccessary to create a #banner in that file

chown root:root /etc/motd /etc/issue /etc/issue.net
chmod 644 /etc/motd /etc/issue /etc/issue.net

# Removing unnecessary applications
# Please refer http://www.mjmwired.net/resources/mjm-services-fc6.html for the list of services and their uses and recommendations on which to disable
cd /etc/init.d
ls

# Verify the softwares that are listed here.Remove all unnecesaasy packages as show below.

# For eg. if you see bluetooth and you want to identify what package it represnts, do the following
rpm -qf bluetooth
bluez-utils-2.15-7
yum remove bluez-utils-2.15-7

# Do this for all other softwares like portmap,apmd,cups,isdn,irda,etc.

# RHEL comes with virtualisation enabled.Due to this you may see an additional network adapter ( virbr0 ) when you run /sbin/ifconfig -a
# This can be removed by following these steps
#Source :http://www.cyberciti.biz/faq/rhel-fedora-centos-linux-remove-network-interface-virbr0/
yum groupremove "Virtualization"

# Type y when it lists the following pakcages to be removed
libvirt
libvirt-python
rhn-virtualization-host

This will also remove the virbr0 network adapter

#Firewall Configuration

/bin/netstat -ltunp

# The above command will show you list of processes running on specific ports.Please ensure that unnecassary services are disabled and uninstalled as shown in the above point.
# Open required ports in iptables using Shorewall (Please refer the separate Howto)
/usr/sbin/lokkit

# Remove All Compilers and Assemblers

#The following command will help you identify the packages installed on your system
rpm -qa | egrep "^gcc|java|bin86|dev86|nasm"

#Identify the package and remove the ones you dont need

#Verify That No Unauthorized UID 0 Accounts Exists

getent passwd | awk -F: '$3 == "0" { print $1 }'

#should return only the word "root", unless additional uid 0 accounts have been specifically authorized. Having #multiple uid 0 accounts are acceptable if the accounts are authorized, but not recommended for some situations.

Reactive Firewall Setup using Psad

2008-04-03T09:39:00.003+05:30

Reference: http://www.cipherdyne.org/psad/

# Download the latest version of psad from http://www.cipherdyne.org/psad/download/

cd /tmp

wget http://www.cipherdyne.org/psad/download/psad-2.1.4-1.i386.rpm

rpm -Uvh psad-2.1.4-1.i386.rpm
rm -rf psad-2.1.4-1.i386.rpm
cp -a /etc/psad/psad.conf /etc/psad/psad.conf.orig
vi /etc/psad/psad.conf

# Adjust the values as shown

######
EMAIL_ADDRESSES you@domain1.com, you@domain2.com;
HOSTNAME example.com;
# If there is only one network interface on the box, then just set this variable to "NOT_USED".
HOME_NET NOT_USED;
EMAIL_ALERT_DANGER_LEVEL 1;
ENABLE_AUTO_IDS Y;
AUTO_IDS_DANGER_LEVEL 1;
ENABLE_SCAN_ARCHIVE Y;
DISK_MAX_PERCENTAGE 85;
FLUSH_IPT_AT_INIT N;
#######

# Add CIDR value of a private network interface card in HOME_NET if you are using one.Not required if you have a single public interface.

Automate Signature Updates

crontab -e

###
0 0 * * * /usr/sbin/psad --sig-update && /sbin/service psad restart
###

# Ensure that /bin/mail exists or create an appropriate symbolic link /bin/mail poiting to your mail executable
eg.
ln -s /usr/lib/sendmail /bin/mail

/etc/rc.d/init.d/psad start

/usr/sbin/psad --sig-update

/sbin/chkconfig psad on

# Check psad statistics after 5-10 mins by running this command

/usr/sbin/psad --Status

# Setup Cronjob to delete Psad scan archive older than 7 days

crontab -e

0 0 * * * find /var/log/psad/scan_archive -type d -mtime +7 | xargs rm -rf

# Fwsnort Installation

Reference: http://www.cipherdyne.org/fwsnort
# Download fwsnort from http://www.cipherdyne.org/fwsnort/download/

cd /tmp

wget http://www.cipherdyne.org/fwsnort/download/fwsnort-1.0.5.tar.gz

tar zxvf fwsnort-1.0.5.tar.gz

cd /tmp/fwsnort-1.0.5

perl install.pl
cp -a /etc/fwsnort/fwsnort.conf /etc/fwsnort/fwsnort.conf.orig

vi /etc/fwsnort/fwsnort.conf

######
# Modify the uname location as follows
unameCmd /bin/uname;
######
# Add CIDR value of a private network interface card in HOME_NET in /etc/fwsnort/fwsnort.conf if you are using one.Not required if you have a single public interface.

/usr/sbin/fwsnort --no-ipt-sync --verbose

# Check log file for errors and correct accordingly
tail -f /var/log/fwsnort.log

#If you encounter the following errors
###
#[*] It does not appear that string match support has been compiled into
# Netfilter. Fwsnort will not be of very much use without this.
# ** NOTE: If you want to have fwsnort generate a Netfilter policy
# anyway, specify the --no-ipt-test option. Exiting.
#[root@extranet tmp]# tail -f /var/log/fwsnort.log
#[-] Netfilter ipv4options extension not available, disabling ipopts translation.

# then run this

# Update signatures
/usr/sbin/fwsnort --update-rules

#Then run this
/usr/sbin/fwsnort --no-ipt-test --verbose

# Run the generated Netfilter script

/etc/fwsnort/fwsnort.sh

# Enable auto-update of firewall rules
crontab -e

1 1 * * * /usr/sbin/fwsnort --no-ipt-test --verbose > /dev/null 2>&1 && sh /etc/fwsnort/fwsnort.sh > /dev/null 2>&1

# Enable auto-update of fwsnort signatures
crontab -e

0 0 * * * /usr/sbin/fwsnort --update-rules

/etc/rc.d/init.d/psad restart

rm -rf /tmp/fwsnort-1.0.5.tar.gz
rm -rf /tmp/fwsnort-1.0.5

# Enabling whitelisting and Special danger levels for IPs and Port.

Edit the /etc/psad/auto_dl for whitelisting or setting up an elevated danger zone.

# Eg. Add the IP address of the nmap/nessus server in the /etc/psad/auto_dl file before starting the nessus scan.Please ensure that you restart psad after adding the IP address.

Storm worm hits back at investigators with a DDOS attack

2007-10-25T11:01:00.000+05:30

The Storm worm is fighting back against security researchers that seek to destroy it and has them running scared, Interop New York show attendees heard Tuesday.

The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says Josh Korman, host-protection architect for IBM/ISS, who led a session on network threats.

More details of the worm can be found at
http://www.networkworld.com/news/2007/092707-storm-faq.html
http://en.wikipedia.org/wiki/Storm_Worm

Hackers Attack Every 39 Seconds

2007-02-09T00:33:00.000+05:30

Hackers attack computers every 39 seconds, according to new research.

The study, which investigated how exactly hackers crack computers, confirms those regularly issued warnings about password vulnerability. Experts advise longer passwords, regularly changed and not based on users' biographies, that mix letters and numerals and are hard to guess.

“Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections,” study author Michel Cukier of the University of Maryland said. “The computers in our study were attacked, on average, 2,244 times a day.”

Today, hackers briefly overwhelmed at least DNS servers that help manage global computer traffic.

To test how hackers break into computers, Cukier’s team set up weak security on four Linux computers connected to the Internet and monitored hacker attacks.

Unlike the sophisticated hackers portrayed on TV and in films, these hackers weren’t targeting specific computers.

“Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities,” Cukier said.

Hackers crack Vista Activation Server

2006-12-09T03:36:00.000+05:30

Pirates have released another ingenious workaround to Vista's copy protection: a hacked copy of Microsoft's yet-to-be-released volume licencing activation server, running in VMware.

Volume Activation 2.0 is one of the more controversial features of Vista: it means that every copy of Vista has to be activated, even the Business/Enterprise volume licenced editions.

However, to make life easier for administrators, Microsoft worked in a more convenient system of in-house for en masse activation of PCs called KMS – Key Management Service.

The idea behind KMS is that you have a single PC running KMS which can then handle activation for all your Vista clients, so that they don’t have to connect back to Microsoft every single time.

The downside of KMS is that the activation is only good for 180 days, to discourage people bringing in their home systems, activating them and wandering off again.

Bearing in mind that KMS wasn’t scheduled to be released until next year, pirates have managed to get hold of KMS and produce a standalone, fully-activated KMS server called “Windows Vista Local Activation Server – MelindaGates”. Tongue-in-cheek of course…the first “cracked” version of Vista was called Vista BillGates.

Newly issued "secure" British passports cracked in 48 hours

2006-11-18T02:39:00.000+05:30

The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work: Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?

Ten rogues responsible for 80 Percent Of worldwide Spam

2006-11-16T01:15:00.000+05:30

The worst is a "multi-aliased spammer" known variously as Alex or Alexey who lives in the Ukraine. Alex is alleged to work with Russian spam bandits called Pavka/Artofit, which use spam bots to churn out junk.

Leo Kuvayev, number two on the list, who also worked with Pavka/Artofit, has been in hiding after a Massachusetts court handed down $37 million in fines in October 2005 against him for his operations in the US.

Other names include Michael Lindsay of iMedia Networks who Spamhaus says runs a "full-fledged spam-hosting operation" and Jeffrey Peters who runs a fake Russian ISP for spam operations.

Four of the top ten spammers are from Russia, and one from the Ukraine works with the Russians. Two are from the US, with the others from Israel, Hong Kong, and Canada. The Russian government could make a big impact on global spam if they attacked their home-based offenders more aggressively, but years of spam coming from Russian addresses has shown they have little interest in doing so.

Hackers penetrate online brokers

2006-10-26T00:48:00.000+05:30

Customer accounts at online brokers including ETrade Financial Corp. and TD Ameritrade Holding Corp. have been infiltrated by computer hackers in one of the biggest cases of identity theft to strike the U.S. securities industry.

The FBI, the Securities and Exchange Commission and the NASD are trying to unravel the fraud, which has cost New York-based ETrade at least $18 million and caused losses at Ameritrade of Omaha, Neb., company officials said. In one "pump-and-dump" scheme the SEC uncovered, thieves used customers' money to drive up the prices of little-traded stocks and then sold shares they bought earlier at a profit.

"The perpetrators were more organized, and it was a bigger issue this quarter than it had ever been before," ETrade Chief Operating Officer Jarrett Lilien said in an interview. "It wasn't just hitting one company, it was hitting everybody."

Spamhaus Warns of More Spam With Name Loss

2006-10-11T02:42:00.000+05:30

According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' "blacklist" of spammers to help identify which messages to block, send to a "junk" folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists.

January - June 2006: Spam Report

2006-09-30T15:11:00.000+05:30

Conclusions

The volume of spam remains high, at 75%-78% of total mail traffic. An unexpected rise in spam hit the Internet in mid-summer. June closed with 82.2% of all mail traffic being spam.
The most frequent types of spam were: computer fraud, pharmaceuticals (mainly Viagra and similar medications) and educational services.
A new type of fraudulent spam has appeared on In Russia. This new type of spam invites the recipient to send a certain type of text message (containing a code word and/or number) to a paid service number. The spammers' goal is to have funds transferred to their own personal accounts.
The methods currently used for mass spamming are evolving.
Spammers are gaining footholds on message boards and blogs.
Graphical spam is a new development in spammer technology.

Predictions

During the second half of the year, the percentage of spam in the total volume of mail traffic will not decline.
Spam will feature more criminal aspects as the amount of criminalized spam in Russian increases.
The top three spam categories are unlikely to change during the second half of the year.
Spammers will continue to investigate and use other channels for distributing spam.

The Best Anti-Virus Softwares

2006-09-05T22:55:00.000+05:30

Virus.gr tested different Anti-Virus softwares to see how they would stack up against each other.

Rank

1. Kaspersky version 6.0.0.303 - 99.62%

2. Active Virus Shield by AOL version 6.0.0.299 - 99.62%

3. F-Secure 2006 version 6.12.90 - 96.86%

4. BitDefender Professional version 9 - 96.63%

5. CyberScrub version 1.0 - 95.98%

6. eScan version 8.0.671.1 - 95.82%

7. BitDefender freeware version 8.0.202 - 95.57%

8. BullGuard version 6.1 - 95.57%

9. AntiVir Premium version 7.01.01.02 - 95.45%

10. Nod32 version 2.51.30 - 95.14%

11. AntiVir Classic version 7.01.01.02 - 94.26%

12. ViruScape 2006 version 1.02.0935.0137 - 93.87%

13. McAfee version 10.0.27 - 93.03%

14. McAfee Enterprise version 8.0.0 - 91.76%

15. F-Prot version 6.0.4.3 beta - 87.88%

16. Avast Professional version 4.7.871 - 87.46%

17. Avast freeware version 4.7.871 - 87.46%

18. Dr. Web version 4.33.2 - 86.03%

19. Norman version 5.90.23 - 85.65%

20. F-Prot version 3.16f - 85.14%

21. ArcaVir 2006 - 83.44%

22. Norton Professional 2006 - 83.18%

23. AVG Professional version 7.1.405 - 82.82%

24. AVG freeware version 7.1.405 - 82.82%

25. Panda 2007 version 2.00.01 - 82.23%

26. Virus Chaser version 5.0a - 81.47%

27. PC-Cillin 2006 version 14.10.1051 - 80.90%

28. VBA32 version 3.11.0 - 79.12%

29. ViRobot Expert version 4.0 - 76.22%

30. UNA version 1.83 - 75.44%

31. Rising AV version 18.41.30 - 73.60%

32. Sophos Sweep version 6.0.2 - 69.48%

33. Ikarus version 5.19 - 63.22%

34. Antiy Ghostbusters version 5.1.3 - 61.55%

35. Digital Patrol version 5.00.12 - 54.29%

36. Vexira 2006 version 5.002.45 - 52.66%

37. V3Pro 2004 version 6.1.1.2.640 - 52.38%

38. Ewido Premium version 4.0.0.172 - 51.27%

39. Ewido freeware version 4.0.0.172 - 51.27%

40. ClamWin version 0.88.4 - 51.23%

41. E-Trust version 7.2.0.0 - 50.36%

42. ZoneAlarm with VET Antivirus version 6.5.722.000 - 44.65%

43. A Squared Anti-Malware version 2.0 - 43.28%

44. A Squared Free version 2.0 - 43.28%

45. Zondex Guard version 5.4.2 - 41.73%

46. Comodo version 1.0.0.4 - 41.02%

47. Solo 4.0 version 3.1.0 - 40.83%

48. Protector Plus version 7.2.H03 - 37.04%

49. Quick Heal version 8.00 - 33.66%

50. PC Door Guard version 4.2.0.35- 24.13%

51. AntiTrojan Shield version 2.1.0.14 - 24.11%

52. VirIT version 6.1.9 - 21.39%

53. Trojan Hunter version 4.2.924 - 13.44%

54. Trojan Remover version 6.5.1 - 8.00%

55. Tauscan version 1.70.1414 - 7.70%

56. The Cleaner version 4.2.4319 - 6.03%

57. Hacker Eliminator version 1.2 - 1.70%

58. Abacre version 1.4 - 0.00%

How to crash Internet Explorer

2006-09-01T13:15:00.000+05:30

Hackers have identified a code which can crash IE but works well on Firefox.The code has been around for a year now and surprisingly IE hasent fixed this flaw yet.

Microsoft hires hacking groups to pen test Vista

2006-08-06T20:07:00.000+05:30

Back in 2003, the group of four Polish security researchers discovered the RPC (Remote Procedure Call) interface vulnerability that would later be used to unleash the Blaster worm, but because of distrust over Microsoft's willingness to address software flaws at the time, LSD members had to be coaxed into sharing their findings.

Today, LSD is on Microsoft's payroll, working on what is being hailed as the "largest ever penetration test" of an operating system coming out of Redmond, Wash.

Behind the Al-Qaeda Cyber terrorism cell

2006-08-04T14:41:00.000+05:30

Like radar in the last century, the Internet is a radical new tool that is helping to redefine the dimensions of warfare. For al-Qaeda, the shadowy terrorist organization behind 9/11, the Net is helping it to be everywhere … and nowhere.

But there are real people, in real space, maintaining what is, in effect, al-Qaeda's I.T. department. Last October, the most important member of that group so far -- the man who has been called "the Godfather of cyber-terrorism" -- was arrested. He is a 22-year-old Muslim immigrant to Great Britain named Younis Tsouli.

FBI: putting a backdoor in every router soon?

2006-07-16T16:08:00.000+05:30

CALEA (Computer Assistance Law Enforcement) is quietly in the background of current news again, because the FBI is pushing congress to mandate that all future routing equipment manufactured will include back doors for law enforcement. Like in CALEA mandates for telephone switching equipment, such back doors require no warrant to activate, and hence can be secretly enabled at will. Some vendors have already eagerly embraced CALEA inspired backdoors to internet routing equipment in anticipation of future intercept mandates, thereby already compromising the integrity and security their current and future customers. This approach of using backdoors on Internet connected systems, even more so than the original CALEA mandates for wiretapping backdoors in telephone switching centers, is a danger to both our infrastructure and our society.

Top 100 Network Security and Hacking Tools

2006-07-16T00:34:00.000+05:30

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey.Fyodor asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with.

Debian servers hacked second time in 3 years

2006-07-14T23:33:00.000+05:30

The Debian GNU/Linux project today admitted a hacker had compromised one of its internal servers.

In November 2003 several of Debian's servers were similarly compromised and pulled offline.

Super firewall aims to stop DDOS

2006-07-14T23:29:00.000+05:30

Diadem uses data filtering and intrusion prevention technologies to detect rogue activity, then coordinates an automatic reaction based on policies. Current firewalls don't incorporate policies into their capabilities.

The 10 Most Destructive PC Viruses Of All Time

2006-07-08T13:59:00.000+05:30

Computer viruses are like real-life viruses: When they're flying around infecting every PC (or person) in sight, they're scary. But after the fact...well, they're rather interesting, albeit in a gory kind of way. With this in mind, we shamelessly present, in chronological order, the 10 most destructive viruses of all time.

Windows Genuine Advantage Notification Nag Screen Hack

2006-06-10T20:07:00.000+05:30

Hackers have found a way to disable Windows Genuine Advantage Notification Nag Screen by a cracked version of the WGA tool which once installed on a Windows XP PC fools Microsoft into believing that the XP copy is genuine and fit for Windows updates.The cracked version has been uploaded on a public file sharing server and can be downloaded from http://tinyurl.com/zjhw8

Top 10 PC Security Suites

2006-06-04T15:56:00.001+05:30

PC World reviews security suites and here are the top contenders

1) Symantec Norton Internet Security 2006
2) McAfee Internet Security Suite 2006
3) Panda Platinum 2006 Internet Security
4) F-Secure Internet Security 2006
5) Trend Micro PC-cillin Internet Security 2006
6) Zone Labs ZoneAlarm Internet Security Suite
7) Microsoft Windows Live OneCare
8) CA eTrust Internet Security Suite 2006
9) BitDefender 9 Internet Security
10)Aluria Security Center

70 percent of malicious software aimed at theft

2006-05-31T17:49:00.000+05:30

Financial profit has become a priority for creators of "malware," which includes viruses, worms, trojans and spyware.
This confirms a shift from several years ago, when malicious software was often aimed at garnering attention or exposing security flaws

China is fielding Cyber Army

2006-05-31T17:41:00.000+05:30

The Chinese People’s Liberation Army (PLA) is developing information warfare reserve and militia units and has begun incorporating them into broader exercises and training. Also, China is developing the ability to launch pre-emptive attacks against enemy computer networks in a crisis, according to the document, “Annual Report to Congress: Military Power of the People’s Republic of China 2006.”

The 25 Worst Tech Products of All Time

2006-05-27T14:42:00.000+05:30

These products are so bad, they belong in the high-tech hall of shame.

1. America Online (1989-2006)
2. RealNetworks RealPlayer (1999)
3. Syncronys SoftRAM (1995)
4. Microsoft Windows Millennium (2000)
5. Sony BMG Music CDs (2005)
6. Disney The Lion King CD-ROM (1994)
7. Microsoft Bob (1995)
8. Microsoft Internet Explorer 6 (2001)
9. Pressplay and MusicNet 2002
10. Ashton-Tate dBASE IV (1988)
11. Priceline Groceries and Gas (2000)
12. PointCast Network (1996)
13. IBM PCjr. (1984)
14. Gateway 2000 10th Anniversary PC (1995)
15. Iomega Zip Drive (1998)
16. Comet Systems Comet Cursor (1997)
17. Apple Macintosh Portable (1989)
18. IBM Deskstar 75GXP (2000)
19. OQO Model 1 (2004)
21. Eyetop Wearable DVD Player (2004)
22. Apple Pippin @World (1996)
23. Free PCs (1999)
24. DigiScents iSmell (2001)
25. Sharp RD3D Notebook (2004)

Hackers can crack Symantec antivirus program

2006-05-26T20:18:00.000+05:30

Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Symantec has boasted that its antivirus products are installed on more than 200 million computers. A spokesman, Mike Bradshaw, said the company was examining the reported flaw but described it as "so new that we don't have any details."

Microsoft To Focus On Linux Competition, Software-As-A-Service, Internet Advertising

2006-05-14T00:13:00.000+05:30

CEO Steve Ballmer said Linux has been outselling Microsoft in areas such as file services, E-mail security, and E-science, which demonstrates that Microsoft needs to innovate.

IP addresses will dwindle by 2010

2006-05-12T06:44:00.000+05:30

It's been known for years that the number of IP addresses was dwindling, but there wasn't as much specificity as to when. Now Masud is predicting 2010 will be when the world runs out, based on current rates of consumption. The U.S. won't be as impacted since so many are allocated here, but emerging markets will take the hardest hit.

China, for instance, has fewer IP addresses allocated than Stanford University. And the U.S. Department of Defense (DoD) has more IP addresses than all of Asia.

Psiphon set to break censorship

2006-05-09T00:13:00.000+05:30

The computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught.

Apache Now the Leader in SSL Servers

2006-04-30T17:59:00.000+05:30

Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.

60 Billion E-Mails Sent Daily

2006-04-27T03:57:00.001+05:30

Internet users around the world send an estimated 60 billion emails every day and many of these are spam or scam attempts, business leaders said on Tuesday.
Deutsche Telekom Chief Executive Kai-Uwe Ricke said cyber criminals were growing more active and sophisticated, and the vast email traffic meant industry, government and Internet users had to be vigilant and work together.
"This figure was new for me as well -- worldwide there are around 60 billion emails sent every day," Telekom Chief Executive Kai-Uwe Ricke told an Internet security conference.
"A large percent of it is spam," Microsoft CEO Steve Ballmer added.

Its time people started using Spamassassin and Dspam to filter their emails.
--
Sharjeel
http://www.sharjeel.net

Torvalds creates patch for cross-platform virus

2006-04-20T02:35:00.000+05:30

Linus Torvalds has had an opportunity to examine the testing and analysis by Hans-Werner Hilse , and has blessed it as being correct. The reason that the virus is not propagating itself in the latest kernel versions is due to a bug in how GCC handles specific registers in a particular system call. He has coded a patch for the kernel to allow the virus to work on even the latest Linux kernel.

Leave it to open source hackers to debug and fix aging viral code so that it works correctly. And shame on the anti-viral industry, Kaspersky Lab in particular, for its attempts to deceive the public by passing off old code as something new.

The Internet Worm of 1988

2006-04-16T03:37:00.000+05:30

On the evening of November 2, 1988, a self-replicating program was released upon the Internet.This program (a worm) invaded VAX and Sun-3 computers running versions of Berkeley UNIX, and used their resources to attack still more computers. Within the space of hours this program had spread across the U.S., infecting hundreds or thousands of computers and making many of them unusable due to the burden of its activity.

New virus can infect Windows/Linux at the same time

2006-04-09T00:18:00.000+05:30

The virus is written in assembler and is relatively simple: it only infects files in the current directory. However, it is interesting in that it is capable of infecting the different file formats used by Linux and Windows - ELF and PE format files respectively.

Internet has more than 80.6 million websites now

2006-04-08T20:24:00.000+05:30

There are now more than 80 million web sites on the Internet, as the April 2006 survey received responses from 80,655,992 sites, an increase of 3.1 million hostnames from March 2006. The web has doubled in size in the past three years, as the survey hit the 40 million mark in April 2003.

Linux a BIG hit in India

2006-04-08T18:02:00.000+05:30

The Penguin , it appears, has finally marched into enterprises like IDBI Bank, Canara Bank, New India Assurance, LIC, BSNL, IRCTC, ABN Amro, Airtel and even the governments of Maharashtra and West Bengal. The list, of course, is not exhaustive.

America's war on the web

2006-04-05T01:37:00.000+05:30

IMAGINE a world where wars are fought over the internet; where TV broadcasts and newspaper reports are designed by the military to confuse the population; and where a foreign armed power can shut down your computer, phone, radio or TV at will.

In 2006, we are just about to enter such a world. This is the age of information warfare, and details of how this new military doctrine will affect everyone on the planet are contained in a report, entitled The Information Operations Roadmap, commissioned and approved by US secretary of defence Donald Rumsfeld and seen by the Sunday Herald.

Microsoft Says Recovery from Malware Becoming Impossible

2006-04-05T01:35:00.000+05:30

In a rare discussion on the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

Al Qaeda hacker caught

2006-03-27T01:22:00.000+05:30

For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young webmaster taunted his pursuers, calling himself Irhabi -- Terrorist -- 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi and taught other online jihadists how to wield their computers for the cause.

China and Internet censorship

2006-03-27T01:18:00.000+05:30

China has developed very sophisticated technology for intercepting and censoring Internet content. The government blocks many topics it considers sensitive or controversial and often punishes those who try to get around those bans. Reporters Without Borders refers to China as the "world's biggest prison for cyber-dissidents."

DNS servers do hackers' dirty work

2006-03-25T10:54:00.000+05:30

Earlier this year, VeriSign experienced attacks on its systems that were larger than anything it had ever seen before, it said last week. The Mountain View, Calif.-based company, which helps companies do business on the Web, discovered that the assaults weren't coming from commandeered "bot" computers, as is common. Instead, its machines were under attack by DNS (domain name system) servers.

MEPIS founder plots transition to Ubuntu

2006-03-23T23:07:00.000+05:30

MEPIS LLC, a long-time Debian Linux distributor, is switching from Debian to Ubuntu as the basis for its SimplyMEPIS Linux distribution. It seems MEPIS founder Warren Woodford has decided that MEPIS will do better for its users by depending upon Ubuntu, rather than Debian, for its foundation.

Hilf speaks about Linux through Microsoft eyes

2006-03-23T00:29:00.000+05:30

Computerworld managed to grab a few minutes with Hilf, the man who runs Microsoft's Linux and open source technology group to hear the proprietary software giant's views on open source, and what the Linux lab inside Microsoft gets up to.

Security flaws could cripple missile US defense network

2006-03-20T02:08:00.000+05:30

The network that stitches together radars, missile launch sites and command control centers for the Missile Defense Agency (MDA) ground-based defense system has such serious security flaws that the agency and its contractor, Boeing, may not be able to prevent misuse of the system, according to a Defense Department Inspector General’s report.

Debit card fraud is easy and real say experts

2006-03-19T23:46:00.000+05:30

It's often called "white card" fraud. Criminals somehow get their hands on the electronic information stored on a legitimate card's magnetic stripe. Generally, it’s stolen from a retailer or payment processor’s database, as happened when thieves last year broke into computers at CardSystems Solutions Inc. Luckily for the criminals, CardSystems didn't store just account numbers -- it even stored customer's secret codes that were never meant to be copied on magnetic stripes. Stolen "mag stripe" data is the holy grail for card thieves.

U.S. computer security gets poor grade

2006-03-19T14:47:00.000+05:30

The report, part of an annual ritual required by the Federal Information Security Management Act (FISMA) of 2002, gives grades to the two dozen agencies that make up the U.S. government. In 2005, eight agencies--including the Department of Defense, Department of Homeland Security and Department of Energy--received failing marks.

Beat Censorship using these proxies

2006-03-16T02:52:00.000+05:30

Many schools, universities, offices, ISPs and countries like Saudi Arabia, China, Pakistan, Burma, Iran, North Korea, Vietnam ,Cuba, Syria, Tunisia ,Uzbekistan, Egypt, Belarus and Turkmenistan don't allow their surfers to access some web sites which them deem inappropriate.

Here is a list of 350+ proxy sites which let you surf any web site anonymously
&amp;amp;amp;amp;amp;lt;br&amp;amp;gt;

3 Proxy 3 Proxy 3 Proxy 4 Proxy A1 Proxy A Free Proxy Alien Proxy Anonymate Anonymizer Anonymouse Anonymousurfing Anonypath Anonypath Anonypost Anoxx Anti-boredom Anti Trace Anti Trace Antiwebfilter A Proxy Site Arnit At School Awkward Alliteration Backfox Bbscience Best Proxy Big Proxy Block My Boardmerlin Bored At School Box Proxy Browse At School Browse At Work Btunnel Bypasser Bypassit Cacheless Cecid Cgi-proxy Clever Proxy Click Cop Click These Cloaker Cloak My Coconia Concealme Cool Handle Ctunnel Dark Proxy Dejacey Desire Proxy Dnbroker Drpruxy Dtunnel Eat More Blueberries E-konkursy Estealth Exo Proxy Ez Proxy Famous5 Fly Proxy Foxy Proxy Frast Proxy Free Http Proxy Free Internet Proxy Free Proxy Free-proxy Free Proxy Freetoview Free Usa Proxy Free Web Proxy Fritoon Fsurf Fully Sick Proxy Gamecrib Get Past Get Proxy Ghostclick Green Rabbit Hatkoff Hide Hide And Go Surf Hide-me Hide Your Hidip Hujiko I Am New Guy Ibypass Ibypass Ibypass Ibypass Ibypass Ibypass Ideal Proxy Idoxy Intbonline Ipbounce Ipbouncer Ip-privacy Ipsecret Ipzap Jiggyworm Jj4 Just Hide Just Proxy Just Proxy It Kampen Kaz Proxy Kezfun Let Me By Link2caro Lite Proxy Live Proxy Log Buster Log Buster Melloyello Mfp Mint Proxy Mister Proxy Monkey Signs Mr Proxy Msnvip Msxsecurity My Cgi Proxy My Free Proxy My Proxysurfer Myspacehooker My Web Tunnel Netsack Network Techs Nfan Ninja Proxy Node Proxy Nopath Nopath Nsfwurl Page Hot Page Wash Paper Tiger Shark Pc-portal Peoples Proxy Perfect Proxy Perl Proxy Php Proxy Phproxy Phproxy Pimpmyip Pimp Proxy Pionas Porno Proxy Poxy Preoxy Preps On Crack Presto Proxy Prime Proxy Procksee Project Bypass Proxatron Proxene Proxert Proxify Proxify Proxify Proxify Proxify Proxify Proxify Proxify Proxy Proxy1 Proxy121 Proxy7 Proxy77 Proxy Arcade Proxy Aware Proxyboys Proxy Browsing Proxybull Proxy Buster Proxycat Proxy Chat Room Proxy Circle Proxy Craze Proxy Detective Proxy Devil Proxy Drop Proxy Drop Proxy Drop Proxy Drop Proxy Drop Proxy Eyes Proxy For All Proxy Fox Proxy Free Proxyful Proxy Gasp Proxy Genie Proxy Hut Proxy Jet Proxy Kingz Proxy Lord Proxy Maxi Proxy Mod Proxy Nut Proxy Party Proxy Please Proxy Prince Proxy Rocket Proxy Shock Proxy Spy Proxy-surf Proxy Surfing Proxy Tap Proxy Tastic Proxy The Web Proxy Through Proxy Togo Proxy Touch Proxy Wave Proxy Web Proxy Website Proxy Whip Proxyz Pruxy Prxxy Psurf Pt Proxy Public- Proxy Pxy Quiet Proxy R45 Radio-farda Rapid Proxy Roach Host Runarcade Safe For Work Safe Hazard Sd9 Secret Browse Smart- Proxy Smart Proxy Smart Proxy Sneak2 Sneaky Proxy Sneaky Surf Sneaky User Snoop Block Snoop Block Snoop Blocker Snoop Blocker Some Proxy Song Today Sonic Pig Spiffy Proxy Spysurfing Stealth-ip Stoptheblock Student Proxy Stupid Proxy Surf-anon Surfby Proxy Sweet Proxy Switch Proxy Team Proxy Tech Takeover Teen Proxy Tera Proxy That Proxy The Cgi Proxy The Proxy The Proxy Free The Proxy Site The Proxy Spot The Web Tunnel Tnt Proxy Torify Total Upload Traceless Unblock Unblock My Space Unbloxy Undirect Unipeak United Email Systems Urlencoded Use Proxy Virtual-browser Vpntunnel Vrijsurfen Vtunnel W3privacy Want Proxy Website Proxy Webtools King White Proxy Wkccp Work Browse World Want Xerohour Xxx Proxy Your-proxy Your Proxy Yours Domain http://www.privax.us http://www.etary.com http://s1.iphide.com http://proxiesrus.com http://www.surfindark.com http://www.navydog.com http://falsario.com http://www.cheekyproxy.com http://www.funkyproxy.com http://www.surfsneaker.com http://www.proxii.com http://www.proxynumber1.com (Replace 1 with any number between 1 to 10) http://myspaceproxyy.com http://tenpass.com http://www.browsesneaky.com http://www.proogle.info http://greatproxy.info http://www.playnsurf.info http://www.realproxy.info http://aplusproxy.com http://www.ecoproxy.com http://freedom.webtuo.com http://www.proxyz.us http://www.sneakschool.com http://www.iphide.com http://www.slyuser.com/ http://pawxy.com http://pawxy.org http://browseanywhere.info http://www.404surf.com http://www.cloakip.net http://aniscartujo.com/webproxy http://www.browsedark.com http://www.dartprox.com http://www.proxish.com http://www.surfsneak.com http://www.surfsneaky.com http://www.browsehidden.com http://www.filterhide.com http://www.browsesneak.com http://www.eggproxy.com http://www.theschoolcloak.com http://www.badboysproxy.com http://www.surfscreened.com http://www.hidemefast.com http://urlbrowse.com http://www.hideipaddress.net http://www.sneakfilter.com http://www.browsestealth.com http://www.sneak1.info http://underproxy.com http://www.proxypit.com http://www.proxypan.com http://myspacewebproxy.org/ http://www.proxyzip.org http://www.hagiomusic.info http://www.greenpips.info http://www.allfreehere.info http://www.takefreely.info http://logu.in http://autobypass.com http://www.proxcity.info

You can also you the FoxyProxy http://foxyproxy.mozdev.org/ Firefox plugin and TOR http://tor.eff.org/ to browse anonymously.
Google translate http://translate.google.com/ is also used to browse anonymously.

Microsoft Vista: Microsoft loses confidence in .NET

2006-03-15T15:02:00.000+05:30

Microsoft appears to have concentrated their development effort in Vista on native code development. In contrast to PDC03LH, Vista has no services implemented in .NET and Windows Explorer does not host the runtime, which means that the Vista desktop shell is not based on the .NET runtime.

Gates says services are the future for computers -- and Microsoft

2006-03-15T01:45:00.000+05:30

Company makes plans to move away from prepackaged software and into web-based applications

Google uses Red Hat

2006-03-13T00:36:00.000+05:30

Ever wonder how Google stays so reliable and quick? Did you know that they use a stripped down version of Red Hat? Did you know they built their own file system? This article explains it all.

VM Rootkits: The Next Big Threat?

2006-03-12T12:56:00.000+05:30

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system.

Top 50 malicious code samples reveals secrets

2006-03-10T00:52:00.000+05:30

While past attacks were designed to destroy data, today's attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to its presence

Hamachi and UltraVNC-An admin's dream tool combo

2006-03-08T02:31:00.000+05:30

Fix your grandma's pc with these extremely easy tools

Open source less buggy than commercial ware

2006-03-07T22:43:00.000+05:30

The most popular open-source software is also the most free of bugs, according to the first results of a U.S. government-sponsored effort to help make such software as secure as possible.

Why Ellison wants to take on Google

2006-03-03T23:40:00.000+05:30

Why would any company want to go out of its way to compete with Google? That's precisely what Oracle is doing with a new program designed to search corporate networks because, CEO Larry Ellison says, "what Google does not do well is search private data."

India is top target for spam

2006-03-03T01:56:00.000+05:30

Ninety-one percent of e-mail traffic sent to Indian PC users is spam, according to e-mail security company MessageLabs, which warned that the rate of technological advancement has outstripped growth in security awareness.

The next 25 startups to fire the Internet

2006-03-02T23:04:00.000+05:30

A new Web revolution is picking up steam, and the next Google or Microsoft could emerge from the companies that are in the vanguard.

Breaking down barriers to Linux desktop adoption

2006-03-02T01:31:00.000+05:30

People reject Linux desktops for illogical reasons, says IT consultant and developer Jono Bacon. For example, they fault Linux OpenOffice desktops for not having all the features in Microsoft Windows Office, even though few actually use all of the Microsoft stuff. So, in essence, they're saying they want desktops cluttered with unnecessary features.

Google's hiring spree

2006-02-28T01:48:00.000+05:30

Over the last two years, Google has lured some of the best and brightest minds in technology and science to join the search giant's lava lamp and snack-filled offices.

Password Cracking with Rainbowcrack and Rainbow Tables

2006-02-28T01:25:00.000+05:30

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. This technique was improved by Rivest before 1982 with the introduction of distinguished points which drastically reduces the number of memory lookups during cryptanalysis. This improved technique has been studied extensively but no new optimisations have been published ever since.

Google Hacking: Ten Simple Security Searches That Work

2006-02-28T01:23:00.000+05:30

Google has become the de facto standard in the search arena. It's easy, quick and powerful. For those same reasons that the general user has gravitated to Google, so have the hackers. And as we all know, if the hackers use, the security professionals need to utilize it as well. And it doesn't hurt to have Johnny Long (with help from Ed Skoudis) showing you the ropes. Enjoy this highly informative book. We did!

McAfee employees at risk

2006-02-27T02:34:00.000+05:30

An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud.

Winpooch, an opensource watch-dog for Windows

2006-02-26T16:24:00.000+05:30

Winpooch is a Windows watchdog, free and open source. Anti spyware and anti trojan, it gives a full protection against local or external attacks by scanning the activity of programs in real time. Associated with ClamWin antivirus, Winpooch keeps safe your computer against virus.

Winpooch uses the API Hooking method. It spies programs when they are running and gives to the user a powerful control of their activity.For example, you can forbide a program to write in a system directory or in the registry, or else to connect to internet. That makes the difference between others anti spywares using a database of known signatures.

Linux runs on older desktops

2006-02-25T14:04:00.000+05:30

Microsoft lately has been challenging Linux's suitability for older hardware, so it seems like a good time to look at Linux distributions that can run on older machines. I took six distributions for a test run on an old machine, and also tried software that turns old hardware into a thin client. The bottom line: Linux is still quite suitable for older hardware. It might not turn your aging PC into a powerhouse, but it will extend its lifespan considerably.

Googlebot gets smarter; Smile for the picture

2006-02-24T00:54:00.000+05:30

Up until now the bot (or "crawler") that Google used to index sites was based on a lynx browser.But that was so 2005. 2006 sees the introduction of a newer, smarter and pickier Googlebot. One that cares about CSS and JavaScript, position and layout.

Prof says there's no hacker he can't foil

2006-02-24T00:27:00.000+05:30

A University of Toronto professor says he can now use a photon of light to smash through the most sophisticated computer theft schemes that hackers can devise.

Windows bumps Unix as top server OS

2006-02-22T18:54:00.000+05:30

Computer makers sold $17.7 billion worth of Windows servers worldwide in 2005 compared with $17.5 billion in Unix servers, IDC analyst Matthew Eastwood said of the firm's latest Server Tracker market share report. "It's the first time Unix was not top overall since before the Tracker started in 1996."

Timeline: Employee Headcounts for Google, Yahoo, and Microsoft

2006-02-22T04:11:00.000+05:30

let's have a look at how Wall Street values the employees of each company. With yesterday's market caps,

each Microsoft employee is worth $4.3 million,
each Yahoo employee is valued at $4.7 million,
and each Google employee is valued at $19 million.

Study Finds Linux Less Expensive Than Windows

2006-02-21T03:02:00.000+05:30

This latest study is likely to fan the flames of an already heated battle in which sponsored and independent studies are used as weaponry on both sides. Linux advocates likely will point to results in the OSDL and Levanta report as "proof" of what they have known all along, that Linux is mature enough to be widely implemented in enterprise environments.

Microsoft, meanwhile, is equally likely to continue its focused campaign, called "Get the Facts," to emphasize the limitations of Linux in terms of reliability, total cost of ownership, security, and indemnification.

Windows XP 15 Minute Tune-Up - Fix Sluggish Performance for Free

2006-02-21T01:07:00.000+05:30

A fine-tuned Windows XP PC can run quite fast even it's seriously lacking in the memory and CPU department. Before you chuck out your PC to buy a new one, try stripping some of the rust that's built-up over the years; the results may surprise you.

Give your Gmail a new look

2006-02-21T00:55:00.000+05:30

1) Open this link in Mozilla firefox

http://downloads.mozdev.org/gmailskins/gmailskins_0.8.xpi

2) Allow the extension to install in firefox.

3) Close all firefox windows and open firefox again

4) Log in to your gmail account

5) Click on settings->Gmail skins

6) Choose your desired colour and other desired features

7) Voila...your gmail looks coool now.

PCWorld's reviews of antivirus software

2006-02-19T16:36:00.000+05:30

BitDefender tops the list.Mcafee comes a close second.

Ten Reasons to Buy Windows Vista

2006-02-19T02:02:00.000+05:30

The latest version of Windows--called Vista--is due to hit store shelves later this year (in time for the holidays, Microsoft tells us). The successor to Windows XP offers a little something for everyone, from eye-catching graphics and new bundled applications to more-rigorous security. In fact, there is so much in the new operating system that it can be tough to get a handle on it all.

Linux substitutes for "most wanted" Windows-only software

2006-02-17T01:03:00.000+05:30

DesktopLinux.com has reported recently on Novell Inc.'s survey of the "most wanted" Windows/MacOS-only applications among Linux users. As a result of over 14,000 votes and comments that have been registered since the beginning of January, some useful suggestions about good Linux substitutes have come to the fore.

Linux is no tougher to manage than Windows

2006-02-16T01:05:00.000+05:30

The proof is in a survey of 200 managers by Enterprise Management Associates, a market research firm. It was sponsored by Levanta, which makes a Linux-based change management product.

Here's the bottom line. According to EMA, "Sophisticated management tools now allow Linux management to be fast, effective, and inexpensive. With far lower acquisition costs, Linux is now a cost-effective alternative to Windows."

ENIAC: A computer is born

2006-02-14T00:44:00.000+05:30

Sixty years ago, the public got its first look at computers--a glimpse that launched an astonishing industry---and controversies that linger today.

Why is Digg So HOT?

2006-02-12T03:40:00.000+05:30

It is self evident that Digg.com has enjoyed tremendous growth and popularity in less than one and half years. Why is Digg so popular and what is Digg good for? To answer it, let’s first start with what Digg is and how Digg works.
Digg allows users (i.e. bloggers or publishers) submit stories, which in turn get dugg (or reviewed) by power users called diggers or editors. Once stories receive enough votes, they are published to the Digg front page and get dugg (or saved) by browsers or readers.

Windows Vs Linux ..By Microsoft

2006-02-11T02:07:00.000+05:30

Microsoft Inc. is running a campaign they name "Get The Facts". In summary this is a way to try to stop the trend of migrating from Microsoft products to GNU/Linux. Lets have a look ...

GMail code hints at coming domain feature

2006-02-09T23:26:00.000+05:30

Based on information found buried deep within the javascript source, we can start to see the bigger picture for GMail — what else could they possibly add to this mail client?

Their next big move will likely be GMail for domains — a powerful way for anybody who owns a domain to utilize GMail as a mail server, not just a client. Yahoo has their own small business mail product which does precisely this, and now evidence suggests Google is planning the same.

Search Engine for Developers

2006-02-09T00:25:00.000+05:30

The tool, known as Krugle, is designed to deliver easy access to source code and other highly relevant technical information in a single, convenient, clean, easy-to-use interface, according to the company. Krugle works by crawling, parsing, and indexing code found in open source repositories and code that exists in archives, mailing lists, blogs, and Web pages.

Gates predicted the future and got some of it right

2006-02-09T00:16:00.000+05:30

In 1995, Bill Gates wrote a book called The Road Ahead, predicting all sorts of innovations. 10 years on, some of those predictions came true. And some went horribly wrong lol

40 Linux Viruses Vs 60,000 in Windows

2006-02-08T23:46:00.000+05:30

"There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

Tor: An anonymous Internet communication system

2006-02-05T17:17:00.000+05:30

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

3rd Feb is D-Day for Worm

2006-02-02T23:34:00.000+05:30

The worm, variously named "Nyxem.D," "MyWife.E," "Blackmal.E," and the "Kama Sutra worm" by different antivirus companies, is a ticking time bomb that on the third day of each month will seek out and delete a wide range of file types found on infected Windows computers, including any Adobe PDF files and Microsoft Word, Excel and Powerpoint documents, among others.

Hacking Google China

2006-02-02T00:17:00.000+05:30

Chinese web users can see full, uncensored results for their Google search by replacing "&meta=" with "&meta=cr%3DcountryBR" in the URL. Once the string is replaced, the censorship will not affect the results

Google confirms using Ubuntu Linux

2006-02-02T00:05:00.000+05:30

Google has confirmed it is working on a desktop linux project called Goobuntu, but declined to supply further details, including what the project is for.

Create a custom hands-free Linux install image

2006-01-30T00:59:00.000+05:30

In an effort to make Linux installs easier, some smart folks at HP developed LinuxCOE, where a user could choose some basic options through a web interface, and a small (30MB or less) ISO image is generated that can be used for a "hands-free" installation using either Kickstart, AutoYAST, or the Debian Preseed autoinstallers. That code has been released as an Open Source project, and the installer component is now available through a free web site, Instalinux

Emule:The best way to download your favourite files

2006-01-28T14:37:00.000+05:30

Stop using Kazaa,Morpheus,Limewire or Imesh.They are infected with adware and viruses

Emule is a better and a safer way to download your favourite files

1) Download Emule from the link (http://prdownloads.sourceforge.net/emule/eMule0.46c_Installer.exe) and install it on your system.

You will need a good list of servers to find and download your files.Please follow one of the following ways to update your server list in the Emule client..

Manual Update:
1) Start Emule client
2) Go to http://ed2k.2x4u.de/index.html and update your Emule client using the three links provided.

Auto Update on Emule startup
1) Start Emule client
2) a) Click on the Options tab.
b) Click on Server.
c) Enable the check box for "Auto-Update server list at startup" .
d) Click on the "List.." button and add the url http://2z4u.de/4q32b3j7/max/server.met in the pop up notepad.Save the notepad and exit the Options box after clicking on "OK"

Happy Emuling !!!

Get a 2 Gb Hotmail Account

2006-01-28T10:31:00.000+05:30

1) Log in to your Hotmail account
2) Click on Options and Personal Information
3) Make the following changes in the "Home Location" Section
a) Country/Region:United States
b) State: Florida
c) Zip: 33332
d) Time Zone:Eastern Time-EST
4) Save your changes and go to
http://www4.imagine-msn.com/minisites/mail/
5) Enter your Homail ID click on Submit.
6) You will soon receive an invitation to join "Windows Live Mail" email in your Hotmail Inbox.Click on "Join Now" and get a free 2Gb account.

Samba Creator wins 2005 free software award

2006-01-26T16:21:00.000+05:30

Andrew “Tridge” Tridgell was recognized for his work as originator and developer of the Samba project. Samba reverse-engineered Microsoft's version of the Server Message Block (SMB) protocol, which is used for file-sharing and print services.

New Samba targets Active Directory

2006-01-26T00:38:00.000+05:30

A next-generation test version of the open source Samba file sharing software has been made available, with features emulating Microsoft's Active Directory ID management software.

Linux not standing in wait as Microsoft sinks its own ship

2006-01-26T00:35:00.000+05:30

So what does the Industry have to say about Microsoft? They say that though many people will swear by the invincibility of Microsoft's ship, it hasn't maneuvered all the icebergs. Collectively, the competition has started ringing up wins. With alternatives in Linux, FireFox, OpenOffice.org and Apple the Microsoft floating casino has begun to list and sway. Here's how and some of it might surprise you.

Surveys show open source popularity on the rise in industry

2006-01-22T01:23:00.000+05:30

The survey also addresses the most important question: what motivates organizations to adopt open source software? According to Optaros, cost savings is one of the most significant factors. Optaros says that companies with over US$1 billion annual revenue reported average savings of $3.3 million in 2004 as a result of open source technology, and companies with annual revenue between $50 million and $1 billion reported an average savings of $1.1 million.

Wine beats Windows in benchmarks

2006-01-20T17:48:00.000+05:30

Wine 0.9.5 leads Windows XP in 69 out of 147 tests from various benchmarks. Some of the tests that Wine won were 3D (such as 3DMark), while others were Windows API tests (such as PC Mark).

U.S. Government Wants Google Search Records

2006-01-20T17:39:00.000+05:30

The Bush administration on Wednesday asked a federal judge to order Google to turn over a broad range of material from its closely guarded databases.

The move is part of a government effort to revive an Internet child protection law struck down two years ago by the U.S. Supreme Court. The law was meant to punish online pornography sites that make their content accessible to minors. The government contends it needs the Google data to determine how often pornography shows up in online searches.