Tuesday, August 10, 2010

New data comparing ineffectiveness of antivirus products

There’s really no good news here for antivirus vendors, or their customers.

Cyveillance, which touts itself as “a world leader in cyber intelligence”, has a press release announcing a study that seems to reveal the (really) bad news.

[T]raditional antivirus (AV) vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet. Cyveillance testing shows that even the most popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days.


Friday, July 23, 2010

tripwire configuration and operation

Think of this as a quick setup guide to tripwire on CentOS (or RHEL). My platform, as usual, is CentOS 5.5. The version of tripwire installed is open source 2.4.1.1-1.el5 available from EPEL.

My main sources of information were the tripwire man pages and a blog post entitled Install Tripwire on Fedora 11 (the EPEL package is a port of the Fedora package for RHEL). The especially useful twpol.txt filtering script came from the blog post.

Tuesday, July 20, 2010

rkhunter

Some basic configurations for rkhunter, a rootkit detection tool that I’ve found useful.

I installed the EPEL package for CentOS (RHEL) 5, currently rkhunter-1.3.6-7.el5.noarch.rpm.

Monday, July 19, 2010

CIS Apache Web Server Scoring Tool

The Apache Benchmark Tool assesses target systems for conformance with the CIS Benchmark for Apache Web Servers.

Here’s the link to the code:

CIS Apache Web Server Scoring Tool for the 2.1.0 Benchmark v1.0.0

This is free but unsupported software from the nonprofit Center for Internet Security.

Monday, June 28, 2010

Security Notes: Ghosh on why patching isn’t enough

Good piece by Anup Ghosh over on his Invincea blog:

In a recent interview for episode #51 of the Silver Bullet Security podcast, Gary McGraw asked me what will be the next big application to be exploited. The context is that last year Adobe Reader exploits superseded browser (Internet Explorer) exploits, and Adobe Reader has become the go-to application to exploit. So what’s next?

Instead of giving him another application, I told him the next big exploit will exploit users’ desire, fear and trusted relationships. These types of exploits don’t necessarily need a vulnerability in an application to succeed. They just need to get users to click on links and dialog boxes by appealing to basic emotions such as desire, fear, and trusted relationships.
