I was scanning my server log files the other day and found that this old “bot” is still making the rounds. It help’s to shut the door on this with some configuration. It’s specifically looking for PHP vulnerabilities and is easily identified by the expletive in it’s User-Agent HTTP request headers.
REFERENCES:
This HTTP Header is a feature added by MSIE8 to force it to restrict some XSS vectors that can be disabled by the user. Generally you can add it into your webserver configuration.
X-XSS-Protection: 1; mode=block
REFERENCES:
Best practices for web applications often call for the use of a CDN. Those of you that have worked with YSlow! are likely very accustomed to seeing warnings for this reason. I’ve found that CloudFlare is very easy to setup, and for basic services costs absolutely nothing. In addition to the obvious performance advantages of using a CDN to offload much of your network traffic, it also has the advantage of improved security.
CDN’s work by caching a copy of your static content at several locations around the world, making it closer and faster for your users.
Implementation takes only minutes as it requires that you:
Some additional advantages I’ve seen since implementing:
REFERENCES:
To prevent XSS/CSRF exploits in MSIE8 and newer, it’s often best to close as many attack vectors as possible. An easy one to implement is an HTTP Header to prevent MSIE from “sniffing” the content to change it when incorrect.
Example: we would not want an HTML page intentionally served with ‘text/plain’ to be rendered as HTML.
X-Content-Type-Options: nosniff
Content-Type: text/plain
This could be added programatically to pages in your application, via a servlet or servlet filter or added to the httpd.conf file.
Apache2 example: httpd.conf
<IfModule headers_module>
Header set X-Content-Type-Options nosniff
</IfModule>
REFERENCES:
Due to various security models, it can be difficult to create a simple way to copy data from a browser application into the OS’es “clipboard” with simple javascript. There are several libraries out there to assist in making this work across various platforms, most utilize Flash.
Here are a few notable methods:
If you make heavy (or even typical) use of your computer, you’ll often notice that it just doesn’t seem as fast as it once was. For a slight increase in performance, disk space and to generally remove some of the ‘temporary’ files/cruft that are routinely written to disk you have a few options.
Here are a few of my current favorites for doing ‘Spring Cleaning’ on my computers… BleachBit and CCleaner
This topic, and Firefox add-on have received a lot of press lately, as such I figured that I’d capture some comments on the topic. HTTP Session hijacking is nothing new, anyone with the ability to monitor your non-secured network traffic can do this with little effort… what’s happened here is that there are now some really simple to use tools to do the job.
In the past, someone would have to passively monitor your network traffic with a tool like WireShark, and all they’d really have to do is wait for you to access a website to watch the ‘HTTP Cookies’ (or even a URL that contains a ’session id’). With that information, they simply need to use the same value that you do to essentially take over your session and your current state. Banks are particularly at risk for this, but in most cases they use HTTPS/SSL for all secure data including logins. Social websites such as Facebook and even GMail, often default to non-secure logins to maximize their server and network performance.
Best defense here… never use non-secure login forms, especially when using a public wireless (or wired) network.
Interesting enough, there’s now a Firefox add-on that monitors for usage of Firesheep on the network, unfortunately neither of these currently work in Linux… links below!
If you’ve been online at all in the last decade, you’ve heard of the “dangers” of HTTP Cookies. More nefarious and harder to remove are Flash Cookies as they are handled by a plugin/extension/addon to the browser and exist outside of the normal security settings.
To see or delete Flash data, you’ve got to visit the following URL:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
You will probably be suprised to see many of the sites listed, as Flash is often being used to present you with ads in addition to the interactive elements that you might expect.
REFERENCES:
This one is quite eye-opening. I recently suffered a hard-drive failure and was unable to boot either operating system in a multi-boot environment. The only item not backed up was a large number of photos and movies that I had accumulated and intended to burn to a CD/DVD. Using a ‘Live’ Ubuntu CD, I was able to use the Foremost program to analyze the drive media and locate all JPG and MPG files and copy them to a ’safe’ location.
What’s frightening here is that these files are not located by their filenames, but by their contents… largely the first few bytes of the file itself when stored on disk. In my experience, Foremost was easily able to parse NTFS and EXT4 partitions.
Word to the wise… this is only possible if you do not use encryption to obscure the data on the drive itself. I’d personally recommend enabling the options provided by your operating system itself if you store sensitive data. Alternately, software like TrueCrypt can be used to hide specific assets.
Happy Recovery!
Here’s another great reason to use Linux over Windows. Ksplice Uptrack provides for runtime patching of the Linux kernel without rebooting of the machine. This has great advantages where you need to maintain the security of a server but have limited opportunites to reboot due to SLA’s (Service Level Agreements). Ubuntu Linux was the first supported operating system, other variants are now available too, though often for a fee.