Loading...

...

Our Books

Got Root >
3d browser Print


MD5 weakness Proof of Concept
By: Michael Shinn  on: Tue 30 of Dec., 2008 13:45 EST  (72 Reads)
Vulnerability

MD5 (external link) (cache) weaknesses have been known for some time now and security researchers have been recommending against its use for a few years, while predicting that a realistic attack was just around the corner. Research was published today that demonstrates that realistic attacks are possible now. The research deals with a proof of concept collision attack to create fake CA certificate using MD5. The researchers state that a knowledgeable attacker can fake a valid signature on a CA certificate, thereby making it possible to hijack the PKI used to sign SSL certs by pretending to be a valid CA. The researchers website MD5 considered harmful today (external link) (cache) has the details. In short, nothing important should use MD5 anymore.

BotHunting tool
By: Michael Shinn  on: Sun 21 of Dec., 2008 19:00 EST  (138 Reads)
Security Tool

For those that are not familiar with it, SRI has a great project called BotHunter?. Its a snort derivative using special rules and some SRI code to detect bots on your network and to anonymously share data with the BotHunter? folks. The installer is top notch and we really like what the project is doing. Check it out yourself at http://www.bothunter.net (external link)

ASL 2.0 Final Released
By: Michael Shinn  on: Mon 07 of July, 2008 12:06 EDT  (467 Reads)

Prometheus Group is proud to announce the release of Atomic Secured Linux 2.0, the latest version of our cutting-edge Unified Security solution for servers.

Virtual Patch for Hidden Text Exploit
By: Michael Shinn  on: Thu 24 of April, 2008 18:00 EDT  (2025 Reads)

SANS ISC (external link) (cache) brings us a report (external link) (cache) of a new method spammers are using to put links into blogs using hidden text. We don't consider this a WordPress vuln, but rather a class of problems revolving around hidden test. This is very reminiscent of the iframe attacks using hidden iframes. In the spirit of making the world a nicer place, we're publishing Modsec rules to protect against this problem. You can download the rules from here. Right now its one rule, but as we discover other ways to protect against this we'll update the file. If you are running ASL or have a subscription to the real time rules, this is included in the latest update automatically.

Free Modsecurity 2.5 rules released
By: Michael Shinn  on: Tue 18 of March, 2008 11:28 EDT  (1732 Reads)

We've been providing 2.5 signatures and rules to our ASL customers for over a year, and are proud to announce the availability of these rules through the GotRoot? lab website. The free rules are delayed 30 days. Want the rules in real time? Well sign up now! (external link) Its only $79.95 a year for a real time subscription to the most comprehensive and widely used WAF rules on the Internet!

ASL 2.0 final beta out
By: Michael Shinn  on: Mon 04 of Feb., 2008 20:18 EST  (2229 Reads)
Software Release

We've been been working like mad men on ASL (especially Scott), and we're at the final Beta. 2.0 final is just around the corner. The GUI is slick, tons of new security features, vulnerability scanner, built in support portal and more. Check it out on the ASL website (external link).

Site move complete
By: Michael Shinn  on: Mon 04 of Feb., 2008 19:47 EST  (1642 Reads)

For anyone that had problems logging into their accounts, I do apologize for the delay fixing the site. The problem was very very very convulted. Ah the joys of moving boxes, upgrading PHP, MYSQL and Javascript. Logins should be working again for everyone.

Virtual Patching talk at SANS CDI
By: Michael Shinn  on: Wed 12 of Dec., 2007 18:58 EST  (1778 Reads)

Ryan Barnett and I will be giving a talk on Virtual Patching at SANS CDI 2007. Our talk is on December 14th, from 7:30PM to 8:30PM. Drop by and join us, and after please join us for beers and friendly banter.

Heres a link to the official SANS CDI page:

https://www2.sans.org/cdi07/night.php?portal=821dc21b4842373211f7acb46edf6b96 (external link)

Virtual Patching article with SANS
By: Michael Shinn  on: Wed 12 of Dec., 2007 18:48 EST  (1860 Reads)

I recently put together a tips and advice article for Virtual Patching for SANS (external link) (cache). You can read it here Virtual Patching for Web Applications with ModSecurity (external link) (cache). Technical Review of the article was by Ryan Barnett and GIAC Advisory Board, which I greatly appreciate.

Filter out iframe attacks
By: Michael Shinn  on: Sun 02 of Sept., 2007 19:44 EDT  (5998 Reads)
Security Tool

iframe attacks seem to be taking a hold with many vulnerable websites. The problem obviously being vulnerable ap plications, which we would all like to see fixed. However, not everyone can be so lucky as to have either perfect applications, or perfect countermeasures against these vulnerabilities. Enter output filtering. We've put together a special set of rules for anyone running apache. This will filter out all your iframe attacks.

Modsecurity 2.0 compatible rules released
By: Michael Shinn  on: Sun 22 of Oct., 2006 15:45 EDT  (3633 Reads)

2.0 compatible rules were released today. Consider these beta quality rules until further testing is done. Also, the format of the rules has changed considerably in 2.0, so if you want production quality we recommend you use the 1.9 rules with modsecurity 1.9.4.







Latest Realtime Rules (supports modsec 2.5!)


Version:
Apache 2.x rules: (gzip) (external link)
Apache 1.x rules: (modsecurity 2.5 does not support apache 1.x)

Sign up for subscription (external link)


Free Delayed Rules (Delayed 30 days)

Apache 2.x rules: (gzip) (external link)
Apache 1.x rules: (modsecurity 2.5 does not support apache 1.x)


Individual Delayed Ruleset downloads for modsec 2.5 (Delayed 30 days)


Retired Rules (No longer updated)

All in one downloads for modsec 2.0-2.1

All in one downloads for modsec 1.9


Individual Ruleset downloads for modsec 2.x


Individual Ruleset downloads for modsec 1.9





Mikes Corner




The Fire Monkey






DateTitleAuthor
19/Nov/2004 02:13Dealing With Phishingfmonkey
10/Nov/2004 10:49I Want Better Bookmarksfmonkey
21/Sep/2004 03:18Cisco's VoIP Securityfmonkey
16/Sep/2004 04:38Choosing A Secure Passwordfmonkey



Steves Wacky Programming




DateTitleAuthor
10/Oct/2004 02:25Compiled Fungesteve
20/Sep/2004 06:033d programming...can it be a Good Thing(TM)?steve




Created by: mshinn19579 points . Last Modification: Saturday 03 of January, 2009 23:27:50 EST by mshinn19579 points .
The content on this page is licensed under the terms of the Got Root License.

RSS feed Wiki RSS feed Blogs RSS feed Articles