<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet security observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Dangers of Drupal Cron</title><description>2009-05-08 20:44:00 - Linux Apache MySQL PHP Security : Cron is the Unix scheduling daemon used to run tasks at regular intervals. Cron is included with Unix, Linux, and Mac OS and is frequently present on LAMP installations with Drupal. Drupal is a complex web application and content management system (CMS) and it relies on certain administrative and maintenance tasks to be performed at regular intervals. Every Drupal installation includes a PHP script called 'cron.php' that can be called directly through a browser in the same way as the rest of the Drupal installation. read more</description><link>http://www.secuobs.com/revue/news/93758.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/93758.shtml</guid></item>
<item><title>Capture the Flag 5 Released</title><description>Secuobs.com : 2009-05-06 19:19:38 - Linux Apache MySQL PHP Security - LAMPSecurity.org is pleased to announce the release of the second in our series of capture the flag exercises. Like the previous release, http://lampsecurity.org/capture-the-flag-4, this exercise is a full Linux virtual machine that is vulnerable to remote root compromise due to a number of vulnerabilities. This exercise is notable in that it includes the use of a 0-day exploit. read more</description><link>http://www.secuobs.com/revue/news/92736.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/92736.shtml</guid></item>
<item><title>Simple Capture the Flag Released</title><description>Secuobs.com : 2009-03-31 15:36:44 - Linux Apache MySQL PHP Security - LAMPSecurity.org is pleased to announce the second release in our Capture the Flag (CTF) series. This second installment is also a web based application demonstrating many common vulnerabilities. Although the CTF is distributed as a VMWare virtual machine with a full LAMP stack, the exercise is primarily designed as a web based one. You can download the image from SourceForge.net. read more</description><link>http://www.secuobs.com/revue/news/77343.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/77343.shtml</guid></item>
<item><title>Writing Safer Database Queries from PHP</title><description>Secuobs.com : 2009-03-23 17:26:06 - Linux Apache MySQL PHP Security - One of the most powerful features of web scripting languages is database interactivity. Databases are optimized to sort data and retrieve that data with great efficiency. Combining a PHP web based application with a database back end makes perfect sense. Leveraging a database's power to organize, sort, search, and retrieve data makes a web application more flexible and dynamic. read more</description><link>http://www.secuobs.com/revue/news/73768.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73768.shtml</guid></item>
<item><title>Brute Forcing MD5 Hashed Passwords</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - Many PHP based web applications use md5 hashing in order to obscure stored passwords. At first glance this seems like an effective security measure, however upon further examination it becomes clear that this approach does little to secure a password. Let us assume that an attacker somehow captures the md5 hash of a user's password. This could happen in many ways, the most obvious being a SQL injection that reveals the password. MD5 read more</description><link>http://www.secuobs.com/revue/news/73085.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73085.shtml</guid></item>
<item><title>Protecting Your LAMP Site with a Robots.txt Honeypot</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - One standard form of information discovery and reconnaissance used by malicious attackers is to scan a target website and search for robots.txt files. The robots.txt file is designed to provide instructions to spiders or web crawlers about a site's structure and, more importantly, to specify which pages and directories the spider should not crawl. Often these files are used to keep a spider from crawling sensitive areas of a website, such as administrative interfaces, so that search engines don't cache the existence of such pages and functionality. read more</description><link>http://www.secuobs.com/revue/news/73084.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73084.shtml</guid></item>
<item><title>Hardening PHP with Suhosin</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - Suhosin is an extremely valuable part of any effort to secure a PHP installation. Many PHP users have long been aware of Suhosin, as FreeBSD, OpenSuSE, Debian and Mandriva come with Suhosin preconfigured or available for their PHP distribution. Suhosin is an add-on to PHP that provides additional protections against many attack vectors. read more</description><link>http://www.secuobs.com/revue/news/73083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73083.shtml</guid></item>
<item><title>Defending PHP Web Applications from MySQL</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - MySQL provides a fast, flexible, stable, open source database back end to many PHP based applications. MySQL provides a number of features that can be used to greatly increase the security of your PHP application. Because MySQL is often used to store critical data for web applications, it is a common target for attackers. Gaining access to the database often allows access to sensitive data. In most development models PHP is used to provide views into the database layer, and in a sense to shield the database from end users. read more</description><link>http://www.secuobs.com/revue/news/73082.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73082.shtml</guid></item>
<item><title>Building an MD5 Rainbow Table</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - The MD5 hashing algorithm is a common way to store user passwords in many PHP based applications. This mechanism effectively obscures the password so that if the password store is compromised, user accounts are not necessarily exposed. This mechanism also obscures passwords from site administrators, protecting the privacy of users. read more</description><link>http://www.secuobs.com/revue/news/73081.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73081.shtml</guid></item>
<item><title>Post Compromise Shell Shoveling</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - Shoveling a shell is a process whereby an attacker can gain interactive access to a compromised host. What distinguishes a shoveled shell is that the interactive shell runs on the attacker's machine, rather than the target. This allows an attacker to bypass firewall rules on a target, as the target sends a request to the attacker's machine, and presents the shell there. The attacker simply uses an interactive connection on their local host to send commands to the remote host and receive the output locally. read more</description><link>http://www.secuobs.com/revue/news/73080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73080.shtml</guid></item>
<item><title>EthicalHacker.net Compromise</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - EH-Net Compromise Disclosure read more</description><link>http://www.secuobs.com/revue/news/73079.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73079.shtml</guid></item>
<item><title>OSSEC Version 2.0 Released</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - OSSEC is an open source host based intrusion detection system (IDS). An IDS is one of the most important tools available to a security administrator. As a host based IDS, or HIDS, OSSEC is uniquely advantaged to monitor activity from the server side. read more</description><link>http://www.secuobs.com/revue/news/73078.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73078.shtml</guid></item>
<item><title>Drupal Password Reset via XSS</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - There have been quite a few Cross Site Scripting (XSS) vulnerabilities discovered in Drupal modules recently. Many people scoff at XSS and even argue that it's a low threat vulnerability. In many cases this is certainly true, however XSS can be used as an element in an attack that leverages other security weaknesses to devastating consequence. A case in point is the password changing option in Drupal. read more</description><link>http://www.secuobs.com/revue/news/73077.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73077.shtml</guid></item>
<item><title>LAMPSecurity Training Released</title><description>Secuobs.com : 2009-03-20 10:36:15 - Linux Apache MySQL PHP Security - It's been a little quiet here at LAMPSecurity.org, but we haven't been resting. We've been busy behind the scenes developing material designed to support the educational mission of the site. Specifically, we've developed a "capture the flag" (CTF) exercise akin to many of the same types of exercises offered in expensive training courses. Capture the flag exercises are designed to allow users to hone their testing skills in a safe environment. read more</description><link>http://www.secuobs.com/revue/news/73076.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/73076.shtml</guid></item>
</channel>
</rss>
 
<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet security observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Using the Google Safe Browsing API from PHP</title><description>2009-08-08 05:15:28 - Linux Apache MySQL PHP Security : Google's new Safe Browsing API is a neat service that allows you to poll the MD5 hashes of known malware and phishing sites. This is especially handy because you can check URLs submitted to your site or service by internet users to make sure that they don't include malicious links. The API is relatively well documented at http://code.google.com/apis/safebrowsing/developers_guide.html so the purpose of this tutorial is mainly focused on how you can utilize PHP to implement the API. read more</description><link>http://www.secuobs.com/revue/news/129142.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/129142.shtml</guid></item>
<item><title>Secure PHP Connections to MySQL with SSL</title><description>Secuobs.com : 2009-07-30 17:51:44 - Linux Apache MySQL PHP Security - Separating the elements of your LAMP stack makes a lot of security sense. If you host your web server on a different machine than your database server you get a couple of wins. A compromise in your database won't allow an attacker to alter web pages or write files to the web server, and compromise of your web server wouldn't allow attackers to read the text based MySQL data files. By segregating the functionality you effectively sandbox each tier of your web application to prevent the escalation of compromises. read more</description><link>http://www.secuobs.com/revue/news/126583.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/126583.shtml</guid></item>
<item><title>Capture the Flag 6</title><description>Secuobs.com : 2009-07-17 22:34:35 - Linux Apache MySQL PHP Security - LAMPSecurity.org is pleased to announce the release of the third in our series of capture the flag exercises. Like the previous releases (http://lampsecurity.org/capture-the-flag-4 and http://lampsecurity.org/capture-the-flag-5), this exercise is a full Linux virtual machine that is vulnerable to remote root compromise due to a number of vulnerabilities. read more</description><link>http://www.secuobs.com/revue/news/121973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/121973.shtml</guid></item>
<item><title>LAMP Security Through Virtualization</title><description>Secuobs.com : 2009-06-03 22:44:12 - Linux Apache MySQL PHP Security - Consider the typical LAMP stack. You've got your trusty PHP web application running on Apache, connecting to your MySQL database, all centralized on one easy to manage machine that you can SSH to. This architecture is compact, it's convenient, and it's stable. read more</description><link>http://www.secuobs.com/revue/news/105558.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/105558.shtml</guid></item>
<item><title>Using and Extending Kojoney SSH Honeypot</title><description>Secuobs.com : 2009-05-22 23:35:28 - Linux Apache MySQL PHP Security - Kojoney (http://kojoney.sourceforge.net/) is a wonderful low interaction SSH honeypot written in Python. Honeypots are systems that are set up in a deliberately vulnerable state in order to capture and observe intruder behavior. For more information about honeypots see the excellent HoneyNet Project (http://www.honeynet.org/). There are many reasons to run a honeypot, but for the purposes of this discussion we will assume that you want to run a honeypot to observe post compromise behavior in order to fingerprint patterns. read more</description><link>http://www.secuobs.com/revue/news/100751.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/100751.shtml</guid></item>
<item><title>Defending Web Applications with PHPIDS</title><description>Secuobs.com : 2009-05-21 00:26:33 - Linux Apache MySQL PHP Security - PHPIDS (http://php-ids.org) is a very intriguing project that mimics the functionality of much more involved intrusion detection systems. PHPIDS is written entirely in PHP, so it should be supported by almost any platform that supports PHP applications, although PHP version 5.1.2 or greater is required. PHPIDS also requires SimpleXML support and PDO in order to facilitate database interaction. Overview of PHPIDS read more</description><link>http://www.secuobs.com/revue/news/99698.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/99698.shtml</guid></item>
</channel>
</rss>
 
