Nagios plugin!

This plugin takes a web page address and checks it for the given text. A Linux news page can therefore be checked for any virus or hacking news.
Details of usage are in the script itself.

#!/bin/bash
#
#       AUTHOR - Raman Sailopal
#
#       Script to check web page for news alerts i.e. viruses or hacks
#
#       Usage:  ./newschk.sh -p "http://www.linux-magazine.com/Online/News" -t "Virus"
#       The two options may be given in either order. Exit codes follow the
#       Nagios convention: 0 = OK (no match), 2 = CRITICAL (text found),
#       3 = UNKNOWN (bad arguments or the page could not be fetched).
#
usage()
{
        echo "usage: ./newschk.sh -p \"http://www.linux-magazine.com/Online/News\" -t \"Virus\""
        exit 3
}
if [ "$#" != "4" ]
then
        usage
fi
# Accept -p URL -t TEXT or -t TEXT -p URL; anything else is a usage error.
if [ "$1" == "-p" ] && [ "$3" == "-t" ]
then
        payge=$2
        txt=$4
elif [ "$1" == "-t" ] && [ "$3" == "-p" ]
then
        txt=$2
        payge=$4
else
        usage
fi
# Fetch the page quietly, following redirects and failing on HTTP errors.
# Variables are quoted so a URL or search text containing spaces or shell
# metacharacters cannot be split or globbed by the shell.
resp=$(curl -s -f -L "$payge") || { echo "UNKNOWN - could not fetch $payge"; exit 3; }
if echo "$resp" | grep -qi -- "$txt"
then
        echo "News Alert - Go to $payge"
        exit 2
else
        echo "No News"
        exit 0
fi

KOOBFACE – Inside a Crimeware Network

MUST READ! Recently (12/11/2010) Infowar-monitor.net came out with a very good analysis of hackers' activities inside their own network, called "KOOBFACE: Inside a Crimeware Network", by Nart Villeneuve with a foreword by Ron Deibert and Rafal Rohozinski. Good work guys!


It's good to see this kind of documentation/analysis that drills down into the technical methodology, the related community and the financial operation (affiliate programs and monetization strategies). It really shows that organized cybercrime (OCC) is making a lot of money from its activities. As stated there, KOOBFACE activities earn more than USD 2 million a year.

The researchers were able to download archived copies of Koobface's command and control infrastructure. The contents of the archive revealed the malware, code and databases used to maintain Koobface.

How do they do that? Please read through this well-documented analysis.

http://www.infowar-monitor.net/reports/iwm-koobface.pdf


The Google Hack Honeypot! GHH

While I was searching for random articles on Dionaea, I found someone's RT about the Google Hack Honeypot. Sounds interesting.

As we know, Google and other search engines are used for many purposes, such as finding useful information, important websites and the latest news on different topics; Google indexes a huge number of web pages, and the number grows daily. From a security perspective these indexed pages may contain sensitive information. A Google hack involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable web applications.


KISA (Korea Internet & Security Agency) in Malaysia

Today, CyberSecurity Malaysia organized a business meeting on information security. Ten companies from Korea came with their products and solutions.

I would say most of the products do not come with really new technology, but they are stable enough to be implemented and ready to be used by enterprises to protect their business. On my side, I am more interested in log management and SIM (Security Information Management).


Can IPS/IDS detect data link layer attacks?

A blind spot at another layer, and the capabilities of security tools.

Attacks on the data link layer are an attacking method that IPS/IDS cannot detect with their rules/signatures. From Address Resolution Protocol (ARP) cache poisoning of wired clients to de-authentication of wireless clients, these are easy to exploit because the attack can come from the trusted network.

You can find good open source solutions to detect this kind of attack, such as scapy.
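As an added example (not from the post, and not scapy itself), here is what such a detector looks like for the ARP cache poisoning case in plain Python: it parses raw Ethernet/ARP reply frames and alerts when an IP address that one MAC already answered for is claimed by a different MAC. The MAC addresses, IP addresses and frames are constructed sample data, not captured traffic.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Assemble a raw Ethernet/ARP reply frame; used here only to construct sample input."""
    sha, tha = (bytes.fromhex(m.replace(":", "")) for m in (src_mac, dst_mac))
    spa, tpa = (bytes(int(o) for o in ip.split(".")) for ip in (src_ip, dst_ip))
    return ETH_HDR.pack(tha, sha, ETHERTYPE_ARP) + ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, sha, spa, tha, tpa)

def parse_arp_reply(frame):
    """Return (sender_ip, sender_mac) for a well-formed IPv4 ARP reply, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    if ETH_HDR.unpack_from(frame)[2] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    return ".".join(str(x) for x in spa), ":".join(f"{x:02x}" for x in sha)

def detect_arp_spoof(frames):
    """Track which MAC each IP has claimed in ARP replies; report every conflicting claim."""
    binding = {}   # sender IP -> MAC first seen claiming it
    alerts = []    # (ip, original MAC, conflicting MAC)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue          # not an ARP reply (or malformed): nothing to track
        ip, mac = parsed
        if ip in binding and binding[ip] != mac:
            alerts.append((ip, binding[ip], mac))
        binding.setdefault(ip, mac)
    return alerts

# Constructed sample traffic: gateway and client answer normally, then a third MAC claims the gateway's IP.
GATEWAY_MAC, CLIENT_MAC, ROGUE_MAC = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "de:ad:be:ef:00:01"
SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, "192.168.1.1", CLIENT_MAC, "192.168.1.20"),
    build_arp_reply(CLIENT_MAC, "192.168.1.20", GATEWAY_MAC, "192.168.1.1"),
    ETH_HDR.pack(b"\xff" * 6, b"\x00" * 6, 0x0800) + b"\x00" * 28,   # non-ARP frame, ignored
    build_arp_reply(ROGUE_MAC, "192.168.1.1", CLIENT_MAC, "192.168.1.20"),
]

if __name__ == "__main__":
    for ip, old, new in detect_arp_spoof(SAMPLE_FRAMES):
        print(f"ALERT: {ip} was {old}, now claimed by {new}")
```

In a real deployment the frames would come from a raw socket or pcap on the monitored segment, and the first-seen binding should be seeded from a known-good table rather than trusted blindly.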