Late last year some 32 million accounts were hacked at RockYou. What was the most common factor for these accounts? Weak passwords. Passwords are your lifeline for your Internet accounts and you shouldn’t be using guessable words and numbers as your passwords. I’m not saying you should use a giant 32-character password, but adding a few combinations of numbers and special characters can make it difficult for hackers to guess.
Create a new password now.
1. Open up the dictionary
2. Look for a cool word that you can remember.
3. Add two numbers to the end of the word.
4. Add two special characters as well.
Example: slapstick72**
In reality, slapstick72 is a perfectly good password without the *’s.
RockYou accounts had passwords such as “12345” and “123456789”, but those are obviously easy to guess. It really is laughable.
“Only 0.2% of users had what would be considered a strong password of eight or more characters that contains a mixture of special characters, numbers and both lower and upper case letters, says the study.” -TechCrunch
That is sad.
Weak passwords were also the cause of the major Twitter hack not too long ago.
Setting up a firewall in Linux is actually surprisingly easy. With Ubuntu you may want to make sure the iptables package is installed. If you run Slackware, the best Distro on Earth, you’ve already got it. Iptables is the heart of most firewall scripts in Linux.
I’m going to assume that you are running a Linux box with two Ethernet cards installed. One controller will be on the public network side, the other on the private network side. For this example we’ll also be using the 192.168.1.* network as the private network and 10.10.8.* as the public (outside) network.
Ok now it’s time to jump into the firewall script. I created a simple bash script called rc.firewall.
#!/bin/sh
###Firewall Kernel Modules and base configuration###
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -t filter -X
echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_REDIRECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_LOG
###Now we want to forward all web traffic to a server on the internal network.
iptables -t nat -A PREROUTING -d 10.10.5.56 -p tcp --dport 80 -j DNAT --to 192.168.1.27:80
##Let's configure a secure web connection too.
iptables -t nat -A PREROUTING -d 10.10.5.56 -p tcp --dport 443 -j DNAT --to 192.168.1.27:443
##A configuration to a telnet port on another Linux box? Forward public traffic on port 2000 to port 23 on an internal server.
iptables -t nat -A PREROUTING -d 10.10.5.55 -p tcp --dport 2000 -j DNAT --to 192.168.1.210:23
###We can't forget to route Quake Arena traffic as well.
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 28960 -j DNAT --to 192.168.1.64:28960
##Now let's BLOCK a bunch of IP addresses. Basically we are blocking the INPUT, OUTPUT and FORWARDING for all data, source and destination for the given IP address of 213.2.31.55.
##No netmask and no -p option here: a /8 suffix would match all of 213.0.0.0/8, and -p tcp would leave UDP and ICMP unblocked.
iptables -A FORWARD -s 213.2.31.55 -j DROP
iptables -A INPUT -s 213.2.31.55 -j DROP
iptables -A OUTPUT -s 213.2.31.55 -j DROP
iptables -A FORWARD -d 213.2.31.55 -j DROP
iptables -A INPUT -d 213.2.31.55 -j DROP
iptables -A OUTPUT -d 213.2.31.55 -j DROP
###Route all web based surfing and Internet access through this firewall.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
That's basically it. Save and run the firewall script. You can test by trying to surf from within the network. Make sure the Gateway on your workstation is set to the internet IP address where this script is running.
You can also call a friend or someone to try to access a web server or whatever for testing.
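The script above only sets up NAT and never sets a chain policy, so with the filter table at its default ACCEPT policy everything routed to the box is still forwarded. The following is an added example, not part of the original post, of default-deny filter rules that allow only the services the post forwards; eth1 as the private interface and SSH administration from the LAN are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: default-deny filter rules to pair
# with the post's DNAT/MASQUERADE rules.
# Assumptions: eth1 is the private NIC; admins reach the box by SSH from the LAN.
WAN_IF=${WAN_IF:-eth0}            # public side, as in the post's MASQUERADE rule
LAN_IF=${LAN_IF:-eth1}            # private side (assumed name)
LAN_NET=${LAN_NET:-192.168.1.0/24}
# Dry run by default: commands are printed, not executed.
# To apply them, run as root with IPT=/sbin/iptables.
IPT=${IPT:-echo iptables}

# proto:internal_ip:port of every DNAT target in the post. The FORWARD chain
# runs after PREROUTING, so it sees the rewritten destination (e.g. port 23,
# not the public port 2000).
FORWARDS="tcp:192.168.1.27:80 tcp:192.168.1.27:443 tcp:192.168.1.210:23 udp:192.168.1.64:28960"

filter_rules() {
    # Accept rules first, DROP policies last, so a remote session is not cut off midway.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN clients may open new connections to the outside.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    # Only the published services may be reached from the outside.
    for f in $FORWARDS; do
        proto=${f%%:*}; rest=${f#*:}
        ip=${rest%%:*}; port=${rest#*:}
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p "$proto" -d "$ip" \
            --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

filter_rules
```

Review the printed commands first, then place them at the end of rc.firewall, after the NAT rules.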
December 11th, 2009
Jimmy
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The programmer has complete control of the client. With libssh, you can remotely execute programs, transfer files, and use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs other than libcrypto (from openssl).
Features
* Full C library functions for manipulating a client-side SSH connection
* SSH2 and SSH1 protocol compliant
* Fully configurable sessions
* Server support
* SSH agent authentication support
* Support for AES-128, AES-192, AES-256, Blowfish, 3DES in CBC mode
* Use multiple SSH connections in the same process, at the same time
* Use multiple channels in the same connection
* Thread safety when using different sessions at the same time
* POSIX-like SFTP (Secure File Transfer) implementation with openssh extension support
* SCP implementation
* RSA and DSS server public key supported
* Compression support (with zlib)
* Public key (RSA and DSS), password and keyboard-interactive authentication
* Full poll() support and poll-emulation for win32.
* A complete doxygen documentation about its API
* Runs on and is tested under x86_64, x86, ARM, Sparc32, PPC under Linux, BSD, MacOSX, Solaris and Windows
* Developers listening to you
* It’s free (LGPL)!
September 18th, 2009
Jimmy
Serena Williams’ latest outburst incident at the U.S. Open has led to hackers creating websites with the terms “Serena Williams Outburst” and the infection of who knows how many computers. The main site in question, pixnat.com, hosts a variety of viruses and malware, specifically fake anti-virus pop-ups. Another perfect example of how hackers are taking advantage of Search Engine Optimization tactics to spread their spyware.
I don’t know why I didn’t think of this earlier, maybe the bad round of golf today freed my mind! Get rid of FTP forever on your Linux machines! We recently got a bad Linux worm from an FTP vulnerability. FTP security has been a big problem for us lately and I think I found a solution. The good news is it’s already installed and running on most Linux distributions!
Many of us have accounts all over the Internet: eBay, Gmail, Yahoo, World of Warcraft, EVE Online and the list goes on. You can take just a few steps in making sure your online accounts don’t get hacked. With your personal information so readily available, hackers can easily hack almost any of your online accounts.