HandBrake For Mac Mirror Server Was Compromised And Infected With PROTON Malware

Posted on in Categories Open Source, Security last updated May 7, 2017

HandBrake is an open-source and free transcoder for digital video files. It makes ripping a film from a DVD to a data storage device such as NAS boxes easier. HandBrake works Linux, macOS, and Windows. A Recent version of Handbrake for Mac and possibly other downloads at the same site infected with malware. If you have downloaded HandBrake on Mac between 2/May/2017 and 06/May/2017, you need to delete the file ASAP. HandBrake infected with a new variant of OSX.PROTON malware.

ssh_scan: A SSH configuration and policy scanner for Linux and UNIX server

Posted on in Categories Security last updated April 26, 2017

The SSH (“Secure Shell”) protocol is a method for secure remote login from one system to another. Sysadmins and users use a secure channel over an unsecured network in a client-server architecture format for connecting an SSH client with an SSH server. Security ssh server is an important task. There is a tool called ssh_scan from Mozilla which act as a prototype SSH configuration and policy scanner for your SSHD.

How to speed up OpenSSL/GnuPG Entropy For Random Number Generation On Linux

Posted on in Categories Howto, Open Source, Security last updated November 7, 2016

Entropy is nothing but the measure of “randomness” in a sequence of bits. The PRNG ( pseudorandom number generator ) is a special device (e.g. /dev/random on Linux) to create randomness from server hardware activities. It uses interrupts generated from the keyboard, hard disk, mouse, network and other sources. The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The randomness usually used for security purposes like creating TLS/SSL keys and the quality source of random bits is critical. For example, OpenSSL APIs can use quality randomness to make your program cryptographically secure. However, a poor source of randomness could result in loss of security. In this post, I will cover haveged and rng-utils/rng-tools to generate random numbers and feed linux random device for your virtual or dedicated Linux server.

Secure Your Linux Desktop and SSH Login Using Two Factor Google Authenticator

Posted on in Categories Open Source, Security last updated October 29, 2014

Two factor authentication is increasingly becoming a strongly recommended way of protecting user accounts in web applications from attackers by requiring a second method of authentication in addition to the standard username and password pair.

Although two factor authentication can encompass a wide range of techniques like biometrics or smart cards, the most commonly deployed technique in web applications is the one time password. If you have used applications like Gmail, you are probably familiar with the one time password generated by the Google Authenticator app that’s available on iOS or Android devices.

The algorithm used for the one time password in the Google Authenticator app is known as the Time-based One-Time Password (TOTP) algorithm. The TOTP algorithm is a standard algorithm approved by the IETF in (RFC 6238) totp-rfc.

Installing Tails Live Linux Operating System For Preserving Privacy and Anonymity On The Net

Posted on in Categories Open Source, Security last updated October 1, 2014

Nowadays, privacy does not hold much value when it comes to the privacy of our data on our digital devices or on the internet. In the past few weeks, we learned that everyone who tries to maintain privacy on the net is under suspicion which is all the more reason to try to keep our data, contacts, communications, and whereabouts on the internet anonymous and hidden from prying eyes as much as possible. This holds true even more for people that are more exposed like human rights activists, journalists, lawyers, and even doctors. Some of the distributions that try to assist us with this build on the Tor network.

Secure Password Hashing for Python Developers

Posted on in Categories Programming, Python, Security, Web Developer last updated July 22, 2014

It is important to store the passwords of user accounts in a secure fashion. There have been many high profile incidents where a security breach resulted in hackers obtaining database dumps of user passwords. The 2012 LinkedIn hack and the recent Adobe hack are two out of many similar cases. Due to the fact that the passwords were stored in an inappropriate fashion, the hackers (read as crackers) were able to recover the passwords of many user accounts and publish them on the Internet, resulting in an embarrassing PR fiasco for the companies.

Download of the day: Kali Linux ( BackTrack Linux )

Posted on in Categories Linux News, Open Source, Security last updated March 19, 2013

Kali Linux is the successor of the BackTrack Penetration Testing Linux distribution has been released. From the official project page:

Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.

Top 32 Nmap Command Examples For Sys/Network Admins

Posted on in Categories Command Line Hacks, Howto, Networking, Security last updated May 14, 2017

Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users.

The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.