I use multiple Mac workstations to manage all my systems and services
(AWS infrastructure, Kubernetes) so it is a challenge to manage the
keys and credentials needed to access those systems. `YADM (Yet Another Dotfiles Manager) <https://thelocehiliosan.github.io/yadm/>`__ does
a great job of managing these files and storing them in a git repository
but I wasn't comfortable hosting that repository on a public-facing
service (GitHub or GitLab) so I took advantage of Keybase's private
encrypted git repo
feature.
Not like the spitting up green pea soup exorcism but
Exercism.io, one of many great resources for
learning programming languages by solving actual problems. Similar to
Ruby Koans, you are given a programming problem
to solve and a set of unit tests. Your challenge is to make all the
tests pass by writing code (à la TDD). As you
write your code and run your tests you may be given hints leading
towards a solution or you may have to just figure it out on your own.
Once all your tests are passing, you publish your code to the Exercism
site where others can review and you can see other people's solutions
for the same problems. I've learned more by reviewing other people's
code than all the books and blog posts I've read.
This is a very cool little app that I found after listening to Security
Now Episode 233: Let's Design a Computer. Some
of the basic circuits were hard to visualize and this app kind of brings
them to life with animated current flow and some interactivity. For the
podcast you'll want to look in the Circuits menu for the Logic
Families/RTL for the circuits being discussed.
This Java applet is an electronic circuit simulator. When the applet
starts up you will see an animated schematic of a simple LRC circuit.
The green color indicates positive voltage. The gray color indicates
ground. A red color indicates negative voltage. The moving yellow dots
indicate current.
| Apple - Support - Security Configuration Guides
| The Security Configuration Guides provide an overview of features in
Mac OS X that can be used to enhance security, known as hardening your
computer.
The guides are designed to give instructions and recommendations for
securing Mac OS X and for maintaining a secure computer.
To use these guides, you should be an experienced Mac OS X user, be
familiar with the Mac OS X user interface, and have at least some
experience using the Terminal application’s command-line interface. You
should also be familiar with basic networking concepts.
| Wfuzz - A Tool for Bruteforcing/Fuzzing Web Applications | Darknet - The Darkside
| Wfuzz is a tool designed for bruteforcing Web Applications, it can be
  used for finding resources not linked (directories, servlets, scripts,
  etc), bruteforce GET and POST parameters for checking different kind of
  injections (SQL, XSS, LDAP, etc), bruteforce Forms parameters
  (User/Password), Fuzzing, etc.
| Apache .htaccess tweaking tutorial at Vortexmind: free your mind
| In this tutorial we are going to improve our website by tweaking out
the .htaccess file. Why I wrote this article? Because on the net I
have found many articles about this little beast, but every one of
them dealt with a specific issue and not look at the overall usage of
these files, or they are just too big when you need to do a thing in
little time. So I’m trying to collect all the useful bits of data in a
monolithic but slim tutorial, which will be updated as I collect more
information. But first, let’s see what .htaccess file is…
It seems like I've been interested in security since I started playing
with computers. It was always about trying to push the limits of what
could be done. As I moved through the various phases of an IT career my
interest just grew. At the University of Georgia and then in enterprise
environments that I worked at when I first got out of school there was a
lot of infrastructure being built out, but not a lot of interest in
security. This is about the time that I found Def Con, 2600 and Black
Hat, and became part of that community. Once I got a little involved in
those the interest seemed to grow exponentially. Then, when I got
involved in networking Macs in the Entertainment Industry, these
interests came together. Now I see the hacker community as somewhat of a
protector, finding flaws so they aren't discovered by people with bad
intentions and helping to make systems more secure for everyone.
| macosxhints.com - OS X VPN client and Cisco ASA
| Summary: This hint is for Network Engineers who want their firewalls
to accept VPN connections from standard OS X L2TP / IPSec clients
(should also work for Windows and Linux clients). If you are not a
network engineer, but are having trouble connecting to one of these
devices, you can also forward this tip to your company's "firewall
person," so that they can fix it.
| Learn the best way to batten down the hatches on your servers
without going too far.
| by Kenton Gardinier for ftponline.com
| Windows Server 2003 Terminal Services in terminal server mode can be
run in either the Full Security or Relaxed Security compatibility mode
to meet your organization's security policy and application
requirements. Full Security mode was created to help lock down the
terminal server environment to reduce the risk of users mistakenly
installing software or inadvertently disabling the terminal server by
moving directories or deleting Registry Keys. This mode can be used
for most certified terminal server applications.
Respondents were allowed to list open source or commercial tools on any
platform. Commercial tools are noted as such in the list below. Many of
the descriptions were taken from the application home page or the Debian
or Freshmeat package descriptions. I removed marketing fluff like
"revolutionary" and "next generation". No votes for the Nmap
Security Scanner were counted because the survey was taken on an Nmap
mailing list. This audience also means that the list is slightly biased
toward "attack" tools rather than defensive ones.
| Feb 10 07:07:36 localhost sshd[1078]: Illegal user matt from 210.127.248.158
| Feb 10 07:07:38 localhost sshd[1080]: Illegal user test from 210.127.248.158
| Feb 10 07:07:40 sshd[1082]: Illegal user operator from 210.127.248.158
| Feb 10 07:07:42 sshd[1084]: Illegal user wwwrun from 210.127.248.158
| Feb 10 07:07:52 sshd[1096]: Illegal user apache from 210.127.248.158
| Feb 10 07:07:59 sshd[1104]: Failed password for root from 210.127.248.158 port 58752 ssh2
| Feb 10 07:08:01 sshd[1106]: Failed password for root from 210.127.248.158 port 59136 ssh2
| Feb 10 07:08:03 sshd[1108]: Failed password for root from 210.127.248.158 port 59176 ssh2
| Feb 10 07:08:15 sshd[1122]: Failed password for root from 210.127.248.158 port 60606 ssh2
| …
Here is a snip of a great article explaining Virus Spoofing from
www.lse.ac.uk:
Email-distributed viruses that use spoofing, such as the Klez or Sobig
virus, take a random name from somewhere on the infected person's hard
disk and mail themselves out as if they were from that randomly chosen
address. Recipients of these viruses are therefore misled as to the
address from which they were sent, and may end up complaining to, or
alerting the wrong person. As a result, users of uninfected computers
may be wrongly informed that they have, and have been distributing a
virus.
I have yet to find an application that detects adware and spyware before
it's installed on your PC, so my recommendation is not to pay for
adware/spyware removal software at this time. Simply use a combination
of Ad-aware (freeware version) and Spybot - Search & Destroy to remove
the offending software. I believe Norton is on the right track by
combining antivirus software with adware/spyware-detection. With
automatic updates and real-time detection, Norton could prove to be the
ultimate removal tool for viruses, adware, and spyware. Only time will
tell, and I'm sure McAfee has something up its sleeve as well.
| Affected Software
| Mac OS X 10.3 (all versions through at least 26-Nov-2003)
| Mac OS X Server 10.3 (all versions through at least 26-Nov-2003)
| Mac OS X 10.2 (all versions through at least 26-Nov-2003)
| Mac OS X Server 10.2 (all versions through at least 26-Nov-2003)
| Probably earlier versions of Mac OS X and Mac OS X Server
| Possibly developer seeded copies of future versions of Mac OS X