joey-world
Active Members
Posts: 52
Days Won: 1

Everything posted by joey-world

  1. Ok guys; we all know the issues with Java and its vulnerabilities. After a lot of recommendations to disable it in my browser and possibly uninstall it from my machine... it came to my concern: "well, let's see how much I actually need it." YouTube- and Facebook-like web pages stopped working properly. So, my question is, how am I supposed to be protected and still have the ability to work on my regular web pages? I mean, if I disable it, the browser stops working on a lot of web pages, and of course the same will happen if I uninstall it. I have come to the point where it is Security vs. Convenience. Any suggestions?
  2. Yes, I got all that. I was just concerned about the security part of it. You have successfully answered all my questions, thank you so much!!
  3. You answered half of my question, yet you are entirely correct. I did take those kinds of countermeasures; the problem is that I'm not sure whether they can scan the rest of the computers in the network through that port. Let me give you an example: I have opened port 4444 on the NAT to route my traffic to the computer 192.168.1.10:22 (SSH server). I'm wondering if I need to be concerned about the server, or whether I have to be concerned about the other computers in the network being compromised. In this case... 192.168.1.2 - Laptop, 192.168.1.3 - Cellphone. Or is it impossible to reach those internal locations since the routing was previously defined on the router?
  4. As always, Digip is all over the posts n.n and again, thank you my friend. Now I just have the question regarding the security of the open port on the NAT.
  5. Ok let's begin. So I want to set up an SSH server at home. I know how to do that; it's simple in almost all steps, and whatever questions I have can be found on the internet. While the setup is easy for me, what I can't completely understand is how the hell I will connect to it from afar. I will try to give the best explanation of my issue in the following list:
     - SSH server setup: done
     - NAT firewall setup: done
     - Client server setup: done!!
     - How the hell I will connect from another network with my laptop: not so good.
     I know I need the public IP address, and I know my router is configured to route the incoming connection to the server. My point is, every time my public IP address changes I'm done; there's no way I can figure out my public IP address. What is the solution to this problem? How can I get some kind of (secure) update about my current public IP? I have already tried looking everywhere. I found solutions like DynDNS, etc., but that's just too much trouble, because I don't want to have a DNS, since it can be easier to find for potential hackers than my IP (I think). Second of all, how can I ensure that my server is protected? I had to open a port on my NAT firewall, which is like opening an invitation for someone skilled to hack into my network. Even though my Internet is not broadcasting and I have WPA2 AES encryption (the best it can get on my router), I still feel a little unsure about the security of the open port. What are your thoughts, guys? Thank you so much for your help.
  6. I do understand that Websense is a full security solution. The thing is, why is it the most widely used?
  7. I've been looking for a job in the last few days. I've noticed that a lot of businesses are using Websense security, not the traditional ones such as Avast, Bitdefender, Norton, Kaspersky. I'm not stating that these protections are or are not effective; I'm just curious about why Websense, what's the difference, why is it required? Is it really that trustworthy? Is it just another well-rounded antivirus solution? If anyone has any information on the matter, please let me know. Thank you.
  8. In fact I have one that my cousin blocked and forgot the password for; good thing he didn't have anything on the box lol. I'll try it out and tell you if it's true or not :)
  9. Ok, I have done the research since I started my Associates of Networking Systems Administration, because I was aiming towards this career since the beginning. I will tell you my plan and you can use it as you need. There are colleges out there that don't require full-time hours; I work full time and still go to college nightly. I don't want to provide information about any college in specific, though, since I am unsure about this site's policies, but you can message me and I can tell you some that will offer night classes in the USA. Online college? I wouldn't recommend it at all, in my opinion. You don't always have the teacher right there beside you to answer your questions in a timely and proper manner. I have so many friends that have run into these issues, and at the end you will find yourself with late homework or late work that will decrease your grade and your success rate in the class. For me the success rate is EXTREMELY important. You can take Linux+. I would recommend Microsoft Certified Professional, Ethical Hacker, and Penetration Testing certifications (www.sans.org provides the last two). You can check out their certifications; they have a lot related to security. I know they are expensive, but they are worth it. If you still require more information, please let me know and I will reply as soon as possible to help you out. Don't assume that what I say is the only way by any means; there are a lot of options out there since America is the country of opportunity. Best Regards, Joey-world
  10. I do have a data plan, but I will have to wait until the Android syncs the email to receive the notification; if I receive a text message, the notification would be faster. Thank you for your opinion. :)
  11. I want it to be well rounded. Of course I forwarded the external SSH to the server, but I also want to protect it in case the network was opened and they are doing it from the inside; since I will be the only one to have access to it, the users inside the network are a worry too. Thank you for your reply.
  12. Hello guys, I'm playing around with Ubuntu Server 12.04. I was wondering how I can send some sort of notification to my Android cellphone when someone successfully logs in at the server, and also set it up for failed login attempts? The scenario looks like this: I have a server at home, which can be accessed from another network for management purposes, or why not. Some random person finds it possible to enter my network and is trying to log in to my server. I want a notification as soon as possible, so I can remotely shut down the server or do something about the incident. What do you guys think? Is that possible? If so, how? Thank you again guys.
  13. What makes me even sadder is that Canonical didn't even try to propose this idea to the Ubuntu users, in a kind of "how would you feel about China modifying some code to make the OS better?" I'm sure a lot of people would have replied "NEVER". Anyways... there are millions of factors to consider. I would love to see a Hak5 episode about Ubuntu, Canonical and China, not the f#^*ng hacking across America thing. Now that's my opinion. Let's hope that these changes to the distribution don't affect the reputation of Canonical and Ubuntu in the short and long run, but my paranoia for some reason is ringing with a red light. We should make a big topic on this Ubuntu thing, make some surveys and put all the info together, to be pinned to the main topics. I think that's another good idea. Another factor that we should consider is that Canonical and Ubuntu 12.04 LTS will last a couple of years more; meanwhile we can check out how the new spin goes and make a big and well-analyzed decision. AND......... I love sandwiches
  14. Thank you again for your information, guys. I was researching it. I found the same log even with a fresh installation. I stopped the network, and it seems the log doesn't come out anymore, so I figure it is a regular false positive. Anyways, I started finishing up my fresh installation of Ubuntu when I got this: http://forums.hak5.org/index.php?/topic/29101-ubuntu-and-china/ My heart was broken. I recommend reading the information. Take care guys.
  15. I keep reading it, and I just can't get a hold of myself. All the days that I have invested in mastering Ubuntu, thinking that it is one of the most reliable open systems, and now it turns out that indeed it will be "open". I don't know if Chinese hands will be on my system (no, I'm not discriminating, I love Chinese people, in fact I live with Chinese people), but in cybersecurity it's a whole different story. I guess now we have to start talking about recommendations of different distros we can use instead of Ubuntu. I would probably recommend Fedora, since it's the distro closest to Red Hat Linux, which is used at the enterprise level. Since I'm a network system administrator, that would actually help me to start getting used to this important system. Sad, and without too much to say anymore... Thank you so much for this information, 'cause I would have probably continued using Ubuntu without realizing that it will be managed by Chinese IT people. RIP Ubuntu. Best Regards
  16. The 0.0.0.0 IP address is allocated when you don't have an IP address set up. This is not completely true, since Windows actually has a pre-set IP in case DHCP fails: it will allocate you a randomly generated IP address that would be used as a "backup IP". The IP address in Windows would look something like this:
      IP address 169.254.23.47
      Subnet Mask 255.255.0.0
      Default gateway [blank]
      Anyways, in Networking Science an IP address like 0.0.0.0 translates to any valid IP address in the network. As opposed to the loopback 127.0.0.1: the loopback will ping (or whatever you want to do with the loopback) using your local device IP, independently of whether you have an IP or not. For instance: if you have the IP 192.168.1.2, the loopback 127.0.0.1 will ping the IP 192.168.1.2. If we were to use 0.0.0.0 instead, it will actually look up every IP in the network (depending on what you are doing), so if you have a class C IP it will look up every IP as the example follows:
      192.168.1.0/24 network
      Up devices = 192.168.1.1, 192.168.1.2, 192.168.1.2, etc.
      It will ping every address in use. Technically it would be like a broadcast address. In the Class C network scheme the broadcast address would be 192.168.1.255. Hope this helps. Best Regards, joey-world, Network Systems Administrator
  17. Thank you so much for your great advice, guys. I am a little bit relieved now, you could say. I'll stick to admin paranoia and I will reformat later. Yes, it may be unnecessary (according to my Linux teacher at the university), but like I say, better safe than sorry. The only thing that hurts is all the time it took to harden the system. Thanks to this I've been thinking of the idea of setting up a script to install and configure all the "tweaks" needed from a fresh installation. How about that? :) That way other users can benefit from it too. Thank you again for all the time and effort you guys have put into this topic. Best Regards, joey-world
  18. Yes, I'm aware of reverse connection backdoors, and my firewall blocks both inbound and outbound, and I have some rules for specific ports that can be used. For example, I need DNS by force (53 outbound), otherwise I will not resolve domain names for web pages; another example, I have HTTP (80 outbound), otherwise I will not be able to connect to web pages. Each necessary service was manually configured. I know it's still a threat to have those ports open, but it's impossible to close those ones; may as well remove your wireless and Ethernet port, right? n.n Thank you for your advice. I will keep checking the computer for more anomalies; if I still have issues, then I guess I will have no other option but to wipe everything and start all over again. It's just that it's too much work for a "maybe", you know. Best Regards
  19. As well as encryption of the hard drive, I would add encrypted connections, firewall filtering, a possible VPN connection, remote wipe in case the laptop gets stolen, and I guess that's pretty much it. Best Regards
  20. Ok so I'm a Linux guy, I love security, and finally I have an issue with my Ubuntu 12.04. I believe that, someway, somehow, it got hacked. It's difficult for me to believe it. One day I was making a regular check on the system, to make sure everything was in its right place, and I found myself facing the following chkrootkit log:
      Searching for suspicious files and dirs, it may take a while...
      The following suspicious files and directories were found:
      /usr/lib/jvm/.java-1.6.0-openjdk-amd64.jinfo
      /usr/lib/debug/.build-id
      /usr/lib/python2.7/dist-packages/PyQt4/uic/widget-plugins/.noinit
      /usr/lib/pymodules/python2.7/.path
      /usr/lib/debug/.build-id
      Those files are indeed installed by me, but they are bothering my peace. As I continue reading the log... I find this:
      wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[1607], /sbin/dhclient[1817])
      and this:
      Checking `z2'... user "USERNAME" deleted or never logged from lastlog!
      Which was kind of odd for me, since as I remember I did set up logs for my user (only user). I don't know if the packet sniffer is Wireshark (which I have installed) or Zenmap (which I have installed too). My firewall is completely closed, and I only open ports for the programs I use, that is, the basic ones: HTTP, HTTPS, DNS, etc. Besides that everything is closed, and I never download anything from unknown or untrusted sources. There's also firewall filtering that drops the connection for ping probes.
      Well, I continued trying to find out what the problem was, so I ran the virus scanner (ClamAV), and I got this:
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/system-images/android-14/armeabi-v7a/userdata.img: ANDR.Trojan.GingerBreak FOUND
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/system-images/android-15/armeabi-v7a/userdata.img: ANDR.Trojan.GingerBreak FOUND
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/system-images/android-16/armeabi-v7a/userdata.img: ANDR.Trojan.GingerBreak FOUND
      /home/USERNAME/.wine/drive_c/windows/syswow64/INKED.DLL: PUA.Win32.Packer.MsVisualCpp-2 FOUND
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/platforms/android-13/images/userdata.img ANDR.Trojan.GingerBreak
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/platforms/android-12/images/userdata.img ANDR.Trojan.GingerBreak
      /home/USERNAME/Development Android/adt-bundle-linux/sdk/add-ons/addon-dual_screen_apis-kyocera_corporation-8/tools/emulator_dualscreen_win.exe PUA.Win32.Packer.MingwGcc-2
      The list goes on and on. I cleaned up by sending everything to quarantine. I took two days to do the next scan, and found this with ClamAV:
      /home/USERNAME/.mozilla/firefox/jublccms.default/Cache/8/7C/1D54Cd01 PUA.JS.Xored
      /home/USERNAME/.mozilla/firefox/jublccms.default/Cache/0/C4/A5221d01 PUA.JS.Xored
      It is helpful to add that I never go to any other web page that I don't know. At most I follow only about 10 different web pages, and that's it. I have never had problems before, and all of a sudden I have a lot of suspicious activity. The question is: what should I do? Thank you for your help.
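Post 12 above asks how to get a notification when someone logs in to a home Ubuntu 12.04 SSH server, successfully or not. The following is an added example written for this page, not code from the original thread or from any project named in it: a small Python script that reads sshd lines in the format Ubuntu writes to /var/log/auth.log, separates successful logins from failed attempts, and turns them into alert messages that a cron job could hand to a mailer or SMS gateway. The log lines are constructed samples with documentation-range IP addresses; the path `/var/log/auth.log` and the failure threshold of 3 are assumptions.

```python
import re
import sys
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample of sshd lines in the /var/log/auth.log format
# (syslog timestamp, host, process[pid], message). Not real log data.
SAMPLE_AUTH_LOG = """\
Feb  3 09:12:41 homeserver sshd[2310]: Accepted publickey for joey from 203.0.113.7 port 51422 ssh2
Feb  3 09:13:05 homeserver sshd[2377]: Failed password for invalid user admin from 198.51.100.23 port 40211 ssh2
Feb  3 09:13:08 homeserver sshd[2377]: Failed password for invalid user admin from 198.51.100.23 port 40211 ssh2
Feb  3 09:13:12 homeserver sshd[2380]: Failed password for root from 198.51.100.23 port 40219 ssh2
Feb  3 09:14:00 homeserver CRON[2401]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  3 09:15:30 homeserver sshd[2455]: Accepted password for joey from 192.168.1.2 port 38890 ssh2
"""

# "Accepted <method> for <user> from <ip> port <n>" marks a successful login.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
# "Failed password for [invalid user] <user> from <ip> port <n>" marks a failed attempt.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text: str) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Return (successful_logins, failed_attempts) found among sshd lines.

    Lines from other daemons (cron, sudo, ...) are ignored.
    """
    successes: List[Dict[str, str]] = []
    failures: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            successes.append(m.groupdict())
            continue
        m = FAILED_RE.search(line)
        if m:
            failures.append(m.groupdict())
    return successes, failures


def build_alerts(text: str, fail_threshold: int = 3) -> List[str]:
    """Build one alert per successful login and one per source IP whose
    failed attempts reach fail_threshold (an assumed value, tune to taste)."""
    successes, failures = parse_auth_log(text)
    alerts = [
        f"SSH login OK: {s['user']} from {s['ip']} ({s['method']})" for s in successes
    ]
    # Count failures per source address so a single scanner produces one alert,
    # not one message per guessed password.
    per_ip = Counter(f["ip"] for f in failures)
    for ip, n in per_ip.items():
        if n >= fail_threshold:
            alerts.append(f"SSH brute-force suspected: {n} failed logins from {ip}")
    return alerts


if __name__ == "__main__":
    # Usage: python ssh_alerts.py /var/log/auth.log   (path is an assumption);
    # with no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTH_LOG
    for alert in build_alerts(text):
        print(alert)
```

Piping the printed alerts into `mail` from a cron job gives the e-mail notification the post describes; a push or SMS gateway can be substituted at the same point. For real-time alerting on successful logins, the same message could be sent from a script run by `pam_exec.so` in sshd's PAM stack, which fires at session open rather than on the next log scan.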