400K+ Exim MTA affected by overflow vulnerability on Linux/Unix

Posted on in Categories Linux News, Security last updated March 8, 2018

Exim is a free and open source message transfer agent (MTA) developed at the University of Cambridge. It is famous on Unix and Linux systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. There is a buffer overflow in base64d() of Exim MTA that allows an attacker to run code remotely. All versions of Exim MTA are affected by this overflow vulnerability, i.e. CVE-2018-6789.

Book Review: SSH Mastery – OpenSSH, PuTTY, Tunnels & Keys

Posted on in Categories Open Source, Reviews, Security last updated March 6, 2018

Book Review: SSH Mastery
OpenSSH needs no introduction. OpenSSH is a free and open source suite of security-related software based on the SSH protocol. OpenSSH provides secure network communication and tunneling capabilities. OpenSSH gives peace of mind when communicating with a Linux or Unix-like server over the Internet on an insecure network.

SSH is essential for both sysadmins and developers. The book “SSH Mastery” (2nd ed) talks about OpenSSH server, clients, encryption, public/private keys, VPNs and other security-related network-level utilities based on the Secure Shell SSH protocol.

Why port 80 (HTTP) reported as open by nmap when it is closed?

Posted on in Categories Security last updated July 2, 2017

Why are some ports reported as open by nmap?
I recently set up a small server which is running Debian 9. The purpose of this machine is to run an OpenVPN server on port 443 to bypass censorship. It runs the following services and nothing else:

  1. Squid on a private IP belonging to the VPN pool (10.8.0.1:3128)
  2. SSH on a private IP belonging to the VPN pool (10.8.0.1:22)
  3. DNS resolver on a private IP belonging to the VPN pool (10.8.0.1:53)
  4. OpenVPN on the public IP, port 443 (server_public_ip_address:443)

Linux security alert: Bug in sudo’s get_process_ttyname() [ CVE-2017-1000367 ]

Posted on in Categories Security last updated May 31, 2017

CVE-2017-1000367
There is a serious vulnerability in the sudo command that grants root access to anyone with a shell account. It works on SELinux-enabled systems such as CentOS/RHEL and others too. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. Patch your system as soon as possible.

HandBrake For Mac Mirror Server Was Compromised And Infected With PROTON Malware

Posted on in Categories Open Source, Security last updated May 7, 2017

HandBrake is an open-source and free transcoder for digital video files. It makes ripping a film from a DVD to a data storage device such as a NAS box easier. HandBrake works on Linux, macOS, and Windows. A recent version of HandBrake for Mac, and possibly other downloads at the same site, were infected with malware. If you downloaded HandBrake on Mac between 2/May/2017 and 06/May/2017, you need to delete the file ASAP. HandBrake was infected with a new variant of the OSX.PROTON malware.

ssh_scan: A SSH configuration and policy scanner for Linux and UNIX server

Posted on in Categories Security last updated April 26, 2017

The SSH (“Secure Shell”) protocol is a method for secure remote login from one system to another. Sysadmins and users use a secure channel over an unsecured network, in a client-server architecture, to connect an SSH client with an SSH server. Securing an SSH server is an important task. There is a tool called ssh_scan from Mozilla which acts as a prototype SSH configuration and policy scanner for your SSHD.

How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux

Posted on in Categories Howto, Open Source, Security last updated November 7, 2016

Entropy is nothing but the measure of “randomness” in a sequence of bits. The PRNG (pseudorandom number generator) is a special device (e.g. /dev/random on Linux) that creates randomness from server hardware activities. It uses interrupts generated from the keyboard, hard disk, mouse, network and other sources. The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. This randomness is usually used for security purposes such as creating TLS/SSL keys, and the quality of the source of random bits is critical. For example, OpenSSL APIs can use quality randomness to make your program cryptographically secure. However, a poor source of randomness could result in loss of security. In this post, I will cover haveged and rng-utils/rng-tools to generate random numbers and feed the Linux random device for your virtual or dedicated Linux server.