Archive | Linux Hacking


10 May 2006 | 6,287 views

MORE Sendmail Problems – Signal Handling Vulnerability

OH MY GOD, NOT ANOTHER SENDMAIL FLAW? What’s that? Yah number 1001010102121. Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, Sendmail [...]

Continue Reading


04 May 2006 | 12,804 views

Homeland Security Uncovers Critical Flaw in X11

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using [...]

Continue Reading


15 April 2006 | 36,694 views

Some Good Tips to Secure Linux

I came across this while browsing, has some pretty solid stuff, goes deeper than most basic Linux security guides. It has some good sections like this on protection against fork bombs: Fork bombs are programs that keep creating child processes until system resources are all used, they actually aren’t remote exploits because they require a [...]

Continue Reading


23 March 2006 | 9,026 views

kArp – Linux Kernel Level ARP Hijacking/Spoofing Utility

Introduction kArp is a linux patch that allows one to implement ARP hijacking in the kernel, but control it easily via userland. You may configure, enable and disable kArp via ProcFS or the sysctl mechanism. kArp is implemented almost on the device driver level. Any ethernet driver (including 802.11 drivers) is supported. The kArp code [...]

Continue Reading


17 March 2006 | 8,868 views

Measuring up the Security Risks for Mac – Are Apple Prepared?

The fact is Windows is getting ripped apart with viruses, spamware, spyware, zombie clients, trojans worms and whatever else you can think of. Mac and Linux aren’t (at the moment), there are already Bluetooth viruses, so why not Linux and Mac.. Some may say it’s because they are inherently more secure, the architecture and user [...]

Continue Reading


10 March 2006 | 22,804 views

SSL VPNs and OpenVPN – Part IV

4. Brief How-to …. Creating Multiple clients to Single site tunnels. Example of using PKI to create a client-to-site VPN: For a road warrior or roaming/multiple user scenario, static keys based VPNs don’t scale well. You will need to implement a PKI if you have Hub and Spoke architecture of VPN. From the OpenVPN.net website: [...]

Continue Reading


09 March 2006 | 21,438 views

SSL VPNs and OpenVPN – Part III

3. Brief How-to ….. OpenVPN and Site-to-Site Tunnels. OpenVPN can be implemented either Site-to-site or client-server model. I will take example configurations of both models. If you want to implement site-to-site configuration, the best way is to use static-keys instead of PKI. Using static keys, you can have your VPN tunnel up and running in [...]

Continue Reading


08 March 2006 | 16,471 views

SSL VPNs and OpenVPN – Part II

2. Why OpenVPN Here, in this article, I will lay down the emphasis on one important Open-Source SSL VPN software written by James Yonan and contributed by several others, which proposes security without the inherent complexity of IPsec AND using a trusted design of client component and VPN server. Usually VPNs require end points which [...]

Continue Reading


07 March 2006 | 27,282 views

SSL VPNs and Using OpenVPN

Requirement: To connect to a VPN server in a different country. Situation: A country which has proxies at every gateway. Issues: VPN based on IPSec is fussy when it comes across networks which are NAT’ted/ proxied. The Security Parameters Indexes don’t match and clients do not get connected. Objective: To connect VPN server in a [...]

Continue Reading