
Archive for the ‘Security’ Category

Do not open any message with an attachment called: Black in the White House

May 16th, 2010 Behzad

Forwarded email warns of ‘the most destructive ever’ computer virus circulating as an attachment to messages entitled ‘Black in the White House.’

Description: Virus hoax
Circulating since: Dec. 2009
Status: False
Email example contributed by Kenneth D., Jan. 5, 2010:

Subject: FW: URGENT!

PLEASE CIRCULATE to your friends, family and contacts.

In the coming days, Do not open any message with an attachment called: Black in the White House,

Regardless of who sent you … It is a virus that opens an Olympic torch that burns the whole hard disk C of your computer. This virus comes from a known person who you had in your list Directions. . That’s why you should send this message to all your contacts.

It is better to receive this email 25 times to receive the virus and open .. If you receive a message called: black in the white house, even sent by a friend, do not open and shut down your machine immediately. It is the worst virus announced by CNN. A new virus has been discovered recently it has been classified by Microsoft as the virus most destructive ever. This virus was discovered yesterday afternoon by Mc Afee. And there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the hard disk, where information vital function is stored.

Analysis: False. No such computer virus exists. This is a variant of a virus hoax that has circulated in many forms for the past decade. Previous versions include:

• ‘A Virtual Card for You’ Virus
• ‘Invitation’ Virus
• ‘Merry Christmas’ Virus
• ‘Hallmark Postcard’ Virus

Generally speaking, following the advice of forwarded emails is an ineffective way of maintaining your Internet security. Protecting yourself from real virus and Trojan threats entails a few simple but critical measures. Follow them religiously:

  1. Always be very careful concerning which attachments you open and which files you download. If you can’t be reasonably sure they are safe, don’t open or download them.
  2. Maintain up-to-date antivirus software on your computer, configure it to detect trojan horses and other malware automatically, and scan for viruses and other threats regularly.
  3. Always be careful concerning which links you choose to click, especially in messages from anonymous or unfamiliar sources. Clicking on these links can instantly download malicious software onto your computer. Again, if you can’t be reasonably sure a link is safe, don’t click on it.

Securing Apache HTTP Server

February 13th, 2008 Behzad

The Apache HTTP Server is one of the most stable and secure services that ships with Red Hat Linux. There are an overwhelming number of options and techniques available to secure the Apache HTTP Server. Below is a list of configuration options administrators should be careful when using.

FollowSymLinks
This directive is enabled by default, so be careful where you create symbolic links to in the document root of the Apache HTTP Server. For instance, it is a bad idea to provide a symbolic link to /.

The Indexes Directive
This directive is enabled by default, but may not be desirable. If you do not want users to browse files on the server, it is best to remove this directive.

The UserDir Directive
The UserDir directive is disabled by default because it can confirm the presence of a user account on the system. If you wish to enable user directory browsing on the server, use the following directives:

UserDir enabled
UserDir disabled root

These directives activate user directory browsing for all user directories other than /root. If you wish to add users to the list of disabled accounts, add a space-delimited list of users on the UserDir disabled line.

Do Not Remove the IncludesNoExec Directive

By default, the server-side includes module cannot execute commands. It is ill-advised to change this setting unless you absolutely have to, as it could potentially enable an attacker to execute commands on the system.
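The options above can be checked mechanically. The following audit script is an added example, not part of the original post or of Apache itself; the function name, the sample configuration and its paths are constructed for illustration.

```python
RISKY = {
    "followsymlinks": "symbolic links are followed; make sure none lead outside the document root",
    "indexes": "directory listings let users browse files on the server",
    "includes": "server-side includes may execute commands; keep IncludesNoExec",
}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks Includes
</Directory>
<Directory "/var/www/docs">
    Options -Indexes IncludesNoExec
</Directory>
UserDir enabled
"""

def audit_httpd_conf(text):
    """Return (line_number, finding) pairs for the directives discussed above."""
    findings, userdir_line, root_disabled = [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if name == "options":
            # "-Option" switches an option off; "+Option" or a bare name switches it on.
            active = {a.lstrip("+") for a in args if not a.startswith("-")}
            if "all" in active:          # All = every option except MultiViews
                active |= set(RISKY)
            for opt in sorted(active & set(RISKY)):
                findings.append((n, f"Options {opt}: {RISKY[opt]}"))
        elif name == "userdir" and args:
            if args[0] == "disabled":
                # A bare "disabled" covers every account; otherwise look for root.
                root_disabled |= len(args) == 1 or "root" in args[1:]
            else:
                userdir_line = n
    if userdir_line is not None and not root_disabled:
        findings.append((userdir_line, "UserDir active without 'UserDir disabled root'"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_httpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```

The check reads one file line by line; it does not follow Include directives or work out which Directory block finally applies to a given path.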

Restrict Permissions for Executable Directories
Be certain to assign write permissions only to the root user for any directory containing scripts or CGIs. This can be accomplished by typing the following commands:

chown root <directory_name>
chmod 755 <directory_name>

Also, always verify that any scripts you are running work as intended before putting them into production.
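To confirm that the ownership and mode set above actually hold for everything inside a script directory, the tree can be walked and each entry checked. This is an added example, not from the original post; the function name and its `owner_uid` parameter are assumptions made for illustration.

```python
import os
import stat
import sys

def audit_script_dir(top, owner_uid=0):
    """Return (path, problem) pairs for entries under `top` that an account
    other than `owner_uid` (root by default) could modify."""
    paths = [top]
    for dirpath, dirnames, filenames in os.walk(top):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    problems = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced on Linux
        if st.st_uid != owner_uid:
            problems.append((path, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((path, f"mode {mode:04o} is writable by group or others"))
    return problems

if __name__ == "__main__":
    # Pass the script directory as the first argument; defaults to the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problem in audit_script_dir(target):
        print(f"{path}: {problem}")
```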

WordPress 2.3.3 Urgent Security Release

February 5th, 2008 Behzad

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available.

Since we are talking security, remember to use strong passwords and change them regularly.  While you’re updating WP and your plugins, consider refreshing your passwords.